The Silent Cyber Terror
Terror is typically more narrowly defined than war, but Westlaw, a Thomson Reuters company, said in a note last week that “cyber terrorism” is sometimes defined “quite broadly to include any attack against a computer system with the ‘intent to cause harm’ in furtherance of ‘social, ideological, religious, economic, or political objectives'”.
There is also a risk from “silent cyber”, in which businesses have other policies which do not specifically exclude cyber-attacks and may look to claim on those.
A New Jersey court ruled in January in favour of Merck & Co (MRK.N) over a $1.4 billion insurance claim for the 2017 NotPetya cyber-attack, which the White House blamed on Russia. To reduce their overall risk, some cyber insurers are considering broad exclusions for Russia and Ukraine, said Meredith Schnur, U.S. and Canada cyber brokerage leader at broker Marsh.
Cyber security firm Coveware likened the 90% plus profit margin from ransomware attacks last year to the gains Colombian cocaine cartels made in 1992, the FT reports. Cyber insurance rates rose by 130% in the United States and by 92% in Britain in the fourth quarter, according to Marsh.
Market wide, the effects will be significant. “The ripple effects from this terrible situation will be felt widely,” said Caroline Wagstaff, chief executive at the London Market Group. “Insurance claims — possibly significant across the market — will be made, and the market is working to understand their scope and scale.”
Lloyd’s, which took a net blow from Covid-related claims of more than $4bn in 2020, declined to comment on its overall exposure but said that Russia and Ukraine account for less than 1 per cent of its premiums.
The FT also reports that the Bank of England has remained sanguine about the impact of sanctions on the sector but the reality, say insurance executives, is that it is hard to get a sense of stranded and damaged assets in a war zone. The difficulty of both on-the-ground assessments and using technology such as drones was creating a “paucity of information” for the industry, said Forbes McKenzie, chief executive at London-based McKenzie Intelligence Services.
Marine insurers have moved quickly to limit the financial damage, with the Joint War Committee, an international body, labelling more and more waters around Russia and Ukraine higher risk, meaning an owner must contact their underwriter if they wish to enter.
Planes on the Ground
Marsh estimates that a worst-case scenario where planes could not be recovered would leave the global insurance market with a loss of about $5bn, bigger than it suffered after 9/11. Such a widespread loss would be a market-moving event. Aircraft leasing company BOC Aviation said that international insurers were “progressively cancelling certain elements” of the relevant insurance policies.
Insurance experts say privately that underwriters might also cite sanctions as a reason they cannot honour claims. “It’s going to end up in the courts,” said Michael Weiss, chief commercial officer of aircraft asset manager ABL Aviation.
Also falling broadly under the political risk umbrella is credit insurance, which protects against non-payment by debtors, such as a Russian buyer of foreign goods or recipient of bank finance. Wider financial sanctions have thrown many payments into doubt.
The political risk and credit sector is already reeling from Covid-related claims and failures of certain commodity traders such as Hin Leong Trading, which collapsed last year owing $4bn to creditors. While estimating their losses, the fear is that sanctions could spread into areas of energy and shipping that are core to the London market. At Lloyd’s, marine, aviation, transport, and energy made up 12 per cent of business in 2020.
Marsh also reports that businesses with assets in Russia may also be looking at their property insurance coverage to determine whether this could cover potential losses that are the direct result of the wide-ranging sanctions imposed against Russia. The broker notes that: “irrespective of the merits of a claim, some governments — including the US, UK, and several European countries — prohibit insurers from providing coverage if that payment violates sanction laws. Further, even losses that took place before the sanctions were instituted may be affected if the payment — made during the sanction period — would violate a stipulated sanction law.”
Sanctions are a real pain point for insurers. Getting sanctions processes wrong exposes insurers to regulatory fines and reputational damage in a market already being breached by more-nimble InsurTechs that are focused on building customer trust.
Financial institutions have historically borne the brunt of regulatory fines and transformation costs for failures in FC controls, resulting in over $36 billion in fines globally for non-compliance with Anti-money Laundering (AML), Know Your Customer (KYC) and sanctions rules since the financial crisis. In 2019 alone, penalties for sanctions violations represented 40% of the total regulatory fines levied against global firms.
Names and aliases on sanctions lists have increased by approximately 20% each year, raising the number of alerts requiring review. According to PwC, an increasing number of companies require screening, there is corresponding increase in the volume of transactions.
In terms of claims there are solutions that prevent insurers paying a sanctioned claim, at the point of pressing the agreement button, and signing the claim that will ultimately release the funds to the ultimate beneficiary. Technology can check, in real time, that beneficiaries are neither a sanctioned company nor an individual, allowing a claims handler to easily see why a fail has been returned, and if it is a failure due to a false positive.
There are sanctions technology solutions available that can help insurance companies to manage their risk in this area. To find out how DOCOsoft can help, contact firstname.lastname@example.org