Cyber crime exists and hurts financially, partly because it is difficult to insure. One Long Finance proposal is Cyber Reinsurance (Cyber Re). The proposal originated in frustration at widespread inaction by authorities to cyber-enabled thefts on the carbon markets, though an earlier version was proposed during Y2K/Millennium Bug preparations.
Why don’t we have a public-private Cyber Reinsurance scheme (or extend an existing scheme e.g. Pool Re) where government helps the insurance industry fund the extreme losses of cyber-risk? As an example, government takes responsibility for business interruption risks above a point, say £100m. Below that point normal insurers write cyber policies which help spread information and best practice and bear the risks up to £X million on any single incident, or £Y million on combined incidents.
It is likely that the business interruption model might be most appropriate. A good example of business interruption or “loss of earnings cover” is The Strike Club, originally for industrial dispute insurance but now providing a wide range of business interruption insurance to shippers, fleets, ports and facilities. In a simple business interruption model, the client states in advance how much a day’s outage will cost and this both sets the premium and the claims, e.g. a day’s outage costs £5m, the retention is the first 2 days, followed by payments for the next 10 days, for a premium of £500,000. When claims are made the estimated day’s outage costs must be reasonable, but otherwise the model is simple.