Commercial espionage, cybercrime and sabotage are among others the greatest challenges for governments, the law enforcement and enterprises. The computer networks of governments, enterprises, financial and multilateral institutions, as well as foundations are under constant attacks. The scenarios cover a wide spectrum, from stealing, denying, disrupting and destroying information to compromising parts of, or the entire system. Hackers use the structures and techniques of the internet to conduct specific or large scale, short- or long-term attacks to make money or to weaken competitors.

As the high losses in the recent past due to a variety of cyber-attacks have led to companies increasingly looking for cyber insurance to cover their costs in an event of an attack, there is a lot of movement on the market. This demand has been met with a mixture of delight and fear on the part of insurer. Satisfied because the cyber market offers enormous growth potential, unlike most other parts of the global specialty insurance industry, where demand has been stagnating for years; and fear, because cyber insurances are so difficult to estimate and calculate. There is a major problem with regard to the calculability of the amount of damage and the non-independence of the events of damage.

In other words, in the event of a targeted or non-targeted cyber-attack on a company, both subsidiaries and partner companies may be affected through the networking of the IT infrastructure – as in the case of NotPetya. Such cascade effects are unpredictable and can have severe financial consequences for an insurer in the event that many of its customers are affected. Particularly critical is the insurability of damage caused by the infringement of intellectual property rights. The companies that have been affected by data theft and ransomware often suffer from indirectly attributable and long-term damage as a result.

It is in the interest of both companies and the insurance industry to better understand these intangible risks and to make them measurable. HERMENEUT’s approach is to make these opaque and unpredictable effects more quantifiable and to create more certainty in this constantly changing environment. This is why we are dedicating our 1st workshop to “Insurance in Cyber-security”: a community of researchers and practitioners, including brokers and insurers, will convene in Milan next July to identify future trends and challenges in the cyber-security insurance market, with a special focus on the best practices to implement.