The Grange Pub in Cardiff is a typical modern British tavern. A short stroll from the city centre, it’s busy most days of the week. Weekends are packed, especially for Sunday lunch.
In March 2020 all that stopped. Government lockdown orders forced The Grange to shut. Within weeks the pub’s owners faced tens of thousands of pounds in losses. They filed a claim for lost income on their business interruption (BI) insurance. They weren’t alone.
Cyber insurers can sometimes feel like systemic risk is unique to them: it isn’t. The Covid pandemic was about as systemic as it gets. BI insurers faced an avalanche of claims following the first lockdowns. And the industry failed in the eyes of thousands of small business owners. The reason was a failure to address the perennial problem of systemic risk. The cyber market mustn’t repeat the same mistakes.
Perils of systemic risk
Insurers have always fretted about systemic risk: exposure to a single event that triggers an enormous number of claims and a colossal, accumulated financial loss. The 1906 San Francisco earthquake spawned over 100,000 claims, costing insurers over $5 billion in today’s money.