China Cyber Attacks Should Worry Insurers

aratrembly.jpg

Mention the nation of China to most insurers and you’ll see them salivate like Pavlov’s dog over the prospect of selling insurance to more than a billion people. Now that’s all well and good for the sales report, but what about the fact that China seems to pop up again and again in connection with reports of cyber crime against the United States?

In the latest incident, a front-page article in The Wall Street Journal last week reported that cyber-spies from China and Russia have penetrated the U.S. electrical grid, leaving behind dangerous software that could be used to disrupt the system.

This is a development that should be very disturbing to any carrier that writes insurance against business interruption, and against cyber-attacks in particular. Why? Because a loss of power for even a day or two could have a devastating impact on any business. The worst-case scenario? Picture virtually every business in the United States grinding to a precipitous halt, a la “The Day the Earth Stood Still.” Even a more limited cyber-attack against the U.S. power grid is likely to bring down many businesses, interrupting commerce in entire regions, and leaving insurers and reinsurers holding the bag for losses that could set records for payouts.

The spying, for which both China and Russia have denied responsibility, appears pervasive across the United States, the Journal article noted, and while it did not target a particular company, the number of such intrusions continues to grow. That growth also should be keeping insurers up at night.

So what’s an insurer to do? Obviously, insurance companies can’t do much to stop international espionage, but they can do a lot in terms of due diligence regarding the companies they insure. Hard economic times (that historically spur crime) and increasingly vulnerable computer systems demand that corporate entities do all they can to head off business interruption. In this case, a company’s not having sophisticated power backup scenarios in place should be a red flag for any insurer thinking of writing a policy for that company.

And power protection and alternatives are only the beginning. Companies need to have a complete disaster plan in place that allows for business to continue even in the dire circumstance of a sustained power outage. The prospect of a company’s employees not being able to get to work—or to work at home—is simply appalling. That’s why risk management just got a jolt of importance with this latest cyber-spying escapade.

The latest in China’s misadventures on the Web follows accusations last year from several U.S. congressmen that the Chinese military had hacked into the Pentagon’s computer systems, with China also issuing denials at that time. The political implications are staggering.

Even if the Chinese government is innocent in all this, however, the fact remains that our very infrastructure as a nation is being compromised daily, and that should have insurers shivering like a five-year-old in a graveyard at midnight. The gauntlet has been thrown down for risk managers.

Ara C. Trembly is the founder of Ara Trembly, The Tech Consultant, and a noted speaker on and longtime observer of technology in insurance and financial services. He can be reached at ara@aratremblytechnology.com.

The opinions of bloggers on www.insurancenetworking.com do not necessarily reflect those of Insurance Networking News.

For reprint and licensing requests for this article, click here.
Security risk Core systems Data security Policy adminstration
MORE FROM DIGITAL INSURANCE