Lockton Re investigates resilience against hypothetical cyber threat

New report introduces 'Ivan Wiper' scenario to spotlight what could happen

Lockton Re investigates resilience against hypothetical cyber threat


By Mika Pangilinan

Lockton Re has released a report delving into the potential ramifications of a major cyber catastrophe.

The report, called A Kaleidoscope of Possibilities: Preparing for Ivan Wiper, introduces a hypothetical scenario involving a “hypothetical self-propagating destructive malware” to assess the insurance industry’s readiness for such an event.

“We wanted to explore the potential aftermath of a major cyber catastrophe, as this is an area which has been overlooked in discussions on systemic risk,” said Oliver Brew, Lockton Re’s London cyber practice leader and co-author of the report.

One of the insights presented in the report suggests that while the insurance industry has managed larger natural and man-made disasters, the unique challenges posed by cyber incidents require collaborative efforts to handle effectively.

The report also highlights potential significant bottlenecks in claims processing, stating that some insurers may exit the cyber insurance market. However, there should still be strong interest among experienced reinsurers to recapitalize and benefit from improved rating conditions after such events.

Major cyber catastrophe will push industry to innovate

Matthew Silley, a Lockton Re cyber broker and Brew’s co-author, offered further insight into the goals of the report.

“The insurance industry has built its reputation supporting recovery after major events, learning, and adapting,” he said. “Notwithstanding that a major cyber catastrophe has yet to materialize, the cyber insurance industry has been proactive in addressing the potential for significant systemic risks.”

Brew went on to comment on the specific effects of the hypothetical Ivan Wiper event on the reinsurance sector. He noted an expected acceleration in the cyber catastrophe market in terms of new product innovations, as well as “a growing consensus around common cyber war and critical infrastructure exclusions.”

Silley also offered a broader perspective on the importance of adequate coverage and said such wide-scale events are “more challenging for those companies who either cannot afford, or choose not to buy insurance.”

“They will struggle to access specialist incident response services unless they have inhouse or retained access,” said Silley. “The goal of the paper is to raise questions and challenges, rather than fear or anxiety. By considering specific issues for each stakeholder, the conversation can progress.”

What are your thoughts on this story? Feel free to comment below.

Keep up with the latest news and events

Join our mailing list, it’s free!