Zurich and Marsh McLennan Sound Alarm on Cybersecurity Gaps

In a joint whitepaper, Closing the Cyber Risk Protection Gap, Zurich Insurance Group and Marsh McLennan highlight the growing divide between increasing cyber threats and the current ability of both businesses and insurers to mitigate them.

Published on September 5, 2024

Zurich

In a joint whitepaper, Closing the Cyber Risk Protection Gap, Zurich Insurance Group and Marsh McLennan highlight the growing divide between increasing cyber threats and the current ability of both businesses and insurers to mitigate them. With cyberattacks now ranked as one of the top five global threats, the report underscores the urgent need for collaborative public-private efforts to address the looming crisis.

The Rising Tide of Cyber Threats

The world’s growing reliance on digital technologies, from remote working to cloud computing and emerging AI systems, has amplified both the benefits and risks of this digital transformation. Nearly 40% of experts surveyed in the World Economic Forum’s Global Risks Report 2024 identified cyberattacks as a “paramount risk,” with the potential to trigger a material crisis in the near future.

Ransomware attacks alone reached a record $1.1 billion in payments last year, and this figure is projected to skyrocket. By 2027, the global cost of cybercrime could reach an astronomical $24 trillion, up from $8.5 trillion in 2022. In addition, non-malicious cyber incidents like the recent CrowdStrike outage show that cyber vulnerabilities extend far beyond criminal activities.

The Cyber Protection Gap: A Critical Issue for Businesses

While the cyber insurance market is rapidly growing—it was valued at $14 billion in 2022 and is expected to more than double by 2027—there remains a substantial gap between insured and actual economic losses from cyberattacks. The whitepaper estimates this “protection gap” at $0.9 trillion, leaving a significant portion of cyber risks unaddressed.

Small and medium-sized businesses are particularly vulnerable, as many remain uninsured or underinsured against these threats. Zurich and Marsh McLennan argue that traditional insurance alone cannot bridge this gap, especially when it comes to large-scale, unquantifiable cyber risks.

Public-Private Partnerships: A Crucial Step Forward

The whitepaper calls for a public-private partnership model, similar to those used in managing risks associated with natural disasters, terrorism, and nuclear incidents. Governments can play a vital role by sharing data and providing frameworks to enhance cyber resilience. Examples include the U.S. Cybersecurity & Infrastructure Security Agency (CISA) and the EU’s Digital Operational Resilience Act, which require businesses to implement robust cybersecurity practices.

Implications for the Insurance Industry

For insurers, the rise of cyber threats presents both challenges and opportunities. While the cyber insurance market is expanding, insurers must find ways to close the protection gap by offering comprehensive solutions and helping businesses strengthen their defenses. Zurich and Marsh McLennan suggest several strategies:

  • Simplifying insurance procurement: Making it easier for businesses, particularly small and medium-sized enterprises, to access cyber insurance.
  • Building a common framework for data sharing: Insurers, brokers, and government agencies can aggregate and analyze cyber loss data to gain valuable insights.
  • Incentivizing better cyber hygiene: Encouraging businesses to adopt best practices in cybersecurity through incentives rather than regulations.

Cyber Resilience: A Shared Responsibility

Zurich and Marsh McLennan stress that closing the cyber protection gap requires coordinated action across sectors. Insurers, governments, and businesses must work together to foster digital maturity, share best practices, and develop holistic insurance solutions that address both insurable and uninsurable risks.

By building resilient frameworks and fostering stronger public-private partnerships, the insurance industry can play a key role in safeguarding both the economy and society from the escalating cyber threat landscape. The stakes are high, and the time for action is now.