My wife is from Kansas City, Missouri. Some of you (most of you?) might know that Missouri is the “Show Me” State (they have to see something to believe it).
Throughout almost the entirety of my insurance career after I left working for marketing departments in a few insurers (across all major lines of business over 17 years), I have been surrounded, whether as a management consultant or an insurance industry analyst, by information technology professionals and telecommunications professionals. They, through collaboration with them or reading their analyses, have shown me the future, so to speak. A future where everything (whether tangible or intangible) is interconnected together.
Cyber-Forming World
I call it “cyber-forming the world”. I can “see it” … very clearly. The cyber-forming world will overlay our existing world in the weeks, months, and years ahead.
In this cyber-forming world, the cyber risk attack-space is an always-expanding Nth dimensional topographical space. Every instance a digital artifact is connected to the web, the cyber risk attack-space expands; every instance a physical artifact with telco capabilities is connected to the web, the cyber risk attack-space expands; every instance a living entity (e.g. person, animal, insect) with IP-sensors embedded in it or attached to it is connected to the web, the cyber risk attack-space expands. Every. Single. Instance.
In the cyber-forming world, there will be neither stability nor maturity of cyber risks or cyber-attacks. Estimating the probable maximum loss of cyber risks to any degree of accuracy is not possible in the emerging cyber-forming world.
It’s not a matter of “getting the right data”. The “right data” of future, yet-to-emerge cyber-attacks doesn’t exist yet … and won’t until the cyber-attacks becomes real.
As cyber risks continue to evolve, and then become a reality as a cyber-attack, the losses will increase to unpalatable levels for the (re)insurance industry.
I’m not sure that the financial markets could financially “underwrite” (or would want to financially “underwrite”) the systemic cyber risks and concomitant cyber-attacks yet to emerge.
May be Acceptable Regions of Cyber Loss Levels
I agree that there may be regions of cyber loss levels that some (re)insurance companies (including E&S carriers) and financial market players might find the financial returns they want from “underwriting” cyber risks … but I believe those cyber loss regions will become harder and harder to find as cyber risks evolve in our cyber-forming world to become more complex forms than what they were when insurers first began selling cyber insurance in the late 1990s.
We, our society, are heading into a world of interconnected and interdependent intangible assets with its own evolving risk space. Believing that we can use our experience insuring the risks of the pre-cyber forming world as a path to insure the palette of evolving cyber risks in the cyber-forming world is a wonderful recipe to lose far too much money.
Rabkin's Opinions 