Geneva Association: Progress towards cyber public-private partnerships “still modest”

Little progress has been made in establishing public-private partnerships to address the potentially systemic challenges posed by cyber risks, according to the Geneva Association’s Darren Pain.

Speaking to The Insurer TV, Pain, the think tank’s director for evolving liability and cyber, said more discussion was needed around how systemic cyber exposures could be shared between the public and private sectors.

“In general, the level of action is still quite modest across all of these public-private partnerships. I think that’s true for all systemic risks, not just in cyber,” Pain said.

While the Covid-19 pandemic increased awareness of how a catastrophic cyber event could have systemic impacts, Pain said the debate has “only really just got going”.

He noted that existing public-private partnerships for terrorism risk, such as the TRIPRA backstop in the US, do not address the consequences of cyber attacks.

However, an early stage public-private proposal on the other side of the Atlantic – Resilience UK – proposes to combine infrastructure resilience with insurance and financial products to allow the government to invest in climate adaptation and cyber resilience.

Systemic loss potential

Pain highlighted certain types of cyber events as potentially systemic in nature.

An example could be a war-like event – or hostile cyber activity – encompassing cyber intrusions into more vulnerable systems that could generate significant losses.

“Thankfully we’ve not seen one of those [large losses], but the accumulation loss potential associated with those sorts of cyber incident is one of the reasons why we’ve made the case to the Geneva Association that there needs to be at least a conversation with governments about how you can better pool and share the risk between private sector and the governments,” Pain added.

Pain was speaking to The Insurer TV following a recent report by the Geneva Association focusing on ransomwarefrom an insurance perspective.

As Pain explains in the interview, the study also raises suggestions brought forward by the (re)insurance industry around how governments could counter ransomware.

These include actions with the objective of deterring, disrupting, preparing for and responding to ransomware attacks.

In this 12-minute interview, Darren Pain discusses the following topics: