The emerging risk on the horizon for financial institutions is war.
When two countries pick up arms against each other, we call that “war.” When two companies compete for business we call that “free enterprise.” What then do we call it when a sovereign nation deliberately targets a company, specifically a financial institution, from another country? At some point is that not war?
The headlines for the last few months have reported a drastic increase in aggressive cyber-attacks against some of the largest banks and financial institutions in the United States. Experts believe that these attacks are being funded and coordinated by sovereign states, even if the actual attacks are executed by independent operators.
These attacks are sometimes simple Distributed Denial of Service type of attacks aimed at slowing or crashing an institutions online capability, others are more nefarious, designed to steal data or corrupt systems.
Insurers have not yet designated such attacks as an uninsurable “Act of War” but if such attacks persist, (and we have every reason to believe they will) insurers can be expected to price their coverage accordingly with the knowledge that specific institutions are being targeted not by business rivals but by sovereign states. And in my book… that is war.