Monday, April 11, 2011

Should There Be Cyber War Risk Insurance?

Given that the money-earning side of the world wide web had recently become indispensable to the 7-billion or so people of planet Earth and cyber attacks are on the rise, should the need for a cyber war risk insurance be nigh?

By: Ringo Bones

During the very tail-end of the 20th Century – i.e. the very late 1990s – the very idea that a few billion people earning their very livelihood via the globalized infrastructure of the world wide web seems almost inconceivable, so too are the very concept of cyber attacks that could cripple a major chunk of a sovereign country’s economic lifeblood – not to mention life-savings of a few billion people being siphoned off by cyber terrorists. Given that high profile cyber attacks via directed denial of service or DDOS attacks are on the rise since 2005, should insurance providers be offering cyber war risk insurance schemes?

Ordinary or conventional war risk insurance that has now become de rigueur for major insurance companies is defined as a type of insurance that covers damage due to attacks of war including invasion, insurrection, rebellion and hijacking. Some policies also cover damage resulting from use of weapons of mass destruction. At present, conventional war risk insurance is most commonly used in the shipping and the aviation industries.

Earlier this year, the cyber attack issue had been raised in the 2011 Munich Cyber Security Conference noting the previous high profile attacks of the 21st Century like the 2007 cyber attack on Estonia’s internet infrastructure due to the country’s dispute with Russia over a Soviet era memorial of the Great Patriotic War – though no proof whatsoever was found if the alleged 2007 DDOS attack on Estonia was actively sponsored by the Kremlin. And even though there has seemed to be a lack of urgency – even political will – of tackling cyber attacks, never mind establishing a Geneva Convention or Hague Convention style rules of war governing cyber warfare like designating hospitals and microfinance banking systems’ internet infrastructure non-combatant status during a cyber war.

Even though there are already UN Security Council Resolution provisions in existence that dish out punitive sanctions on states and governments that sponsor terrorism, the UN Security Council has yet to issue one directed at states and governments that actively sponsor cyber terrorist organizations – which could cause problems for insurance companies on how to equitably compensate victims / casualties of cyber attacks. Could a lack of political will of the international community in defining and tackling cyber terrorists and reaching a consensus on the establishment of cyber warfare conventions eventually make cyber war insurance – at present – an economic red herring?


Sherry said...

Cyber War Risk Insurance? Reminds me of that National Twitter Catastrophe Insurance parodied by Conan O'Brien.

May Anne said...

There should be a Geneva Convention and a Hague Convention articles governing rules of engagement during a cyber war so that insurance companies can set accurate actuarial figures accordingly.

Michelle said...

The Beijing 50-Cent Cyber Army launching DDOS attacks against the US Army Signal Corps could be considered "old school" if Mainland Chinese telecommunications firms Huawei and ZTE weren't caught and blocked in time as they tried to establish a foothold in the US internet infrastructure by a recent US Congressional investigative committee.