Read the original article here
The crux of this post is the point that there are some risks (and I believe a growing number of risks) which are (and will be) uninsurable. Cyber risks are not insurable.
Back in 2021, I saw a LinkedIn post from Dr. Robert Hartwig that discussed his testimony to one of the US Senate’s subcommittees about the uninsurability of Business Income from the Covid-19 pandemic.
Seeing that LinkedIn post, and reading his testimony, triggered my ongoing belief that uninsurability of certain risks has been happening more frequently over the decades.
More specifically, I believe that as we, as a society, become increasingly more dependent on web-connected devices that uninsurability will become more of an issue for both the insurance market and for corporations (and individuals as well).
I want to thank Dr. Robert Hartwig for giving me permission to use some of his content from his July 21, 2021 testimony to the US Senate Subcommittee.
His testimony is titled: “Examining Frameworks to Address Future Pandemic Risk” and he presented it to the United States Senate Committee on Banking, Housing and Urban Affairs, Subcommittee on Securities, Insurance and Investment.
Criteria for Insurability
The central question: how can an insurance / risk management professional identify risks that are insurable?
Here I introduce some of the content from Dr. Hartwig’s July 2021 Testimony. I’ll let the table below ‘speak for itself’ but I will repeat his point that “The inability of a risk to meet one or more of these criteria reduces or eliminates its insurability.” (My emphasis of bold and underlining of Dr. Hartwig’s point.)
Consideration of a pandemic through the lens of the six criteria
At this point, here – in the table below – is how Dr. Hartwig viewed the Covid-19 pandemic through the six criteria: you can see there is a relentless parade of ‘no’ with his logic given for the requirement of each criteria not being met.
Cyber risk will increasingly become uninsurable
Turning now to cyber risk, I use the same six points of insurability (or uninsurability depending on your point of view) to conclude that cyber risk is uninsurable.
Remember, the risk is not insurable if only one of the six criteria is not met.
By my analysis, I come up with: two criteria of insurability met, two criteria not met, and two criteria with ‘quasi’ meaning maybe yes or maybe no. I answer ‘no’ to the criterium: 3) determinable and measurable loss and 5) calculable chance of loss.
I suggest you select a specific cyber risk and do your own analysis. I may too skeptical. I may be looking at the cyber risks too harshly. However, whomever does the analysis should lose whatever levels of trust they have with any of their web-connected devices being safe, secure, and private.
Please let me know where I am wrong. I do want to know.
Original article here