Systemic Risk and Cyber Insurance


As advancements in technology enhance productivity, develop new businesses and enhance economic growth, malicious actors continue to advance as well, seeking to exploit technology for any number of criminal motives or nation-state directed attacks. In response to these threats, enterprises are improving their security, modernizing their risk management practices, and at times working within their respective sectors and with the government to share information.

Increasingly, enterprises are also incorporating the traditional practice of risk transfer into their management practices for technology risks. While this phenomenon is still in its early stages, the insurance industry has been underwriting technology risks for more than a generation.

Complicating the insurance industry’s ability to underwrite cyber risk is the presence of nation-states seeking to exploit enterprises. To date, cyber attacks have generally been seen as low-cost, high-yield endeavors for the average malicious actor, however, nation-state attacks against the private sector have the potential to distort cybersecurity costs across multiple markets. This dynamic threatens to drive the cost curve in ways criminals cannot, with devastating effects for enterprises.

Technology companies, the insurance industry and their customers are driving better cyber risk management across the ecosystem. Governments also play an important role, but that role is most effective when focused on defending the cyber ecosystem, not exploiting it. As technology platforms continue to drive change in areas like cloud computing, the Internet of Things, and even blockchain technology, it is even more important that governments commit to supporting the improvement of cyber risk management.

This breakthrough group will examine systemic risk, its impact on general business continuity, and the implications for the insurance industry.


In October 2016 the EastWest Institute, Microsoft and Marsh & McLennan co-hosted a working roundtable to discuss the impacts of a growing cyber insurance market. This meeting brought together over thirty insurance, technology and government leaders to examine the roles they have in increasing cyber resiliency. The experts examined how insurance providers can encourage and improve cybersecurity risk management, the role of the government in the burgeoning insurance industry, and the future of cyber insurance.


This breakthrough group will examine systemic risk beyond financial systems, its impact on general business continuity and its potential for cascading failures, and the implications for the insurance industry. It will develop and disseminate approaches to mitigating risk and improving loss prevention across key industries worldwide.