Published 26 Dec 2022 at 19:13
Faced with attacks from internet pirates, Mario Greco sounds the alarm. For this figure of European insurance, current CEO of Zurich Insurance and former head of Generali, cyber attacks will become “uninsurable”, even more so than the natural disasters that grab the headlines, against the backdrop of climate change.
“What will be uninsured will be cybernetics,” he told the Financial Times. If someone takes control of vital parts of our infrastructure, what would the consequences be? »
“Questions of Civilization”
Attacks against hospitals, ministries, companies and transport or energy infrastructures can seriously disrupt the functioning of the economy, but also human security.
“You have to understand that it’s not just about data. It is a question of civilization. These people can seriously disrupt our lives,” recalls Mario Greco.
Faced with the proliferation of attacks, insurance companies are already more reluctant to take on these risks and absorb the losses… and have raised their prices. Not to mention that the origin of the attack, isolated or sponsored by a state, is often difficult to determine.
Zurich itself initially refused to compensate food giant Mondelez after the NotPetya malware attack, on the grounds that the contract excluded “acts of war”. Before entering into an agreement with his client three years later, last November. Meanwhile, the pharmaceutical group Merck had won a resounding legal victory in the US in the NotPetya case.
New law in France
Faced with financial and legal risks, Mario Greco calls on governments to “put in place private-public mechanisms to deal with systemic cyber risks that cannot be quantified, such as what exists in certain jurisdictions for earthquakes or terrorist attacks”.
Last September, the United States launched a hearing on a possible federal response to cyber insurance.
In France, the Interior Ministry Programming Law (LOPMI), passed this month, legalizes compensation for cyber-ransoms paid by companies, provided they file a complaint. This type of guarantee is rejected by some, including the boss of Zurich, for fear of encouraging extortion.
But this clarification of the law was demanded by insurers such as AXA and supported by Bercy, which wants to jumpstart the micro-cyber insurance market. In 2021, it weighed 219 million euros, or 4% of the non-life premium market for French companies.