Tom Johansmeyer, Head of PCS, at ISO Claims Analytics, a division of Verisk Insurance Solutions, has described ransomware as becoming one of the largest cyber risks threatening the insurance-linked securities (ILS) market in the provision of reinsurance and retrocession capacity.
Johansmeyer, who made this disclosure during a recent video interview with Artemis.com, said that ransomware was just one piece of the overall cyber reinsurance market issue, however it is quickly becoming one of the largest ones.
He said: “Interestingly, the T Mobile breach has impeded the ransomware discussion, which gives you a sense of how big ransomware is. It’s ongoing, it’s difficult, it’s messy,” he explained.
According to the analyst, due to the size of the issue, without some kind of state-level ransomware solution it becomes a lot harder to manage.
He further explained that people within the industry had suggested this type of risk should be put into to a pool, either an existing risk pool such as one for terrorism, or with the development of a new cyber risk pool mechanism.
On some suggestions that ransomware should be put into a terror pool, the PCS leader believes this would not be right, since ransomware isn’t terrorism.
He clarified: “First off, ransomware is not terror. Let’s be really clear here, if I put a gun to your head and say I want to make a point, politically, religiously, or for some social purpose, that is terrorism. I put a gun to your head telling you to give me your wallet, that’s commercial,” he explained.
“So that dynamic is different, that thread is different, so if you put that kind of risk into a terror pool it stands out like a sore thumb, so it doesn’t make sense to me”, Johansmeyer posited.
Expressing his views on the idea of whether government should be involved in the current fight against ransomware, the industry expert maintained that “it is too early to start ceding risks to the taxpayer, without an insurance market effort.
“So, if we had diplomatic engagement that could at least ring-fence certain types of risk, where if ransomware gangs go after a hospital for example, then diplomatic measures on the host country would squeeze it and so forth.
“I think that sort of dynamic might give us some elbow room. Putting it into a pool, doesn’t change the nature of the risk, doesn’t change the nature of the cost to society. I’m not convinced that a pool is the right mechanism”, the Head of PCS added.
However, he agreed that some diplomatic support for insurance and reinsurance industry initiatives can help the market provide a more functional level of protection and also enable reinsurers to build important capacity to support primary cyber risk underwriters.