Reinsurers grapple with hybrid cyber threat complexity – CyberCube

Hybrid threats blur lines between crime and warfare

Reinsurers grapple with hybrid cyber threat complexity – CyberCube

Reinsurance

By Kenneth Araullo

The frequency and impact of unplanned technology outages are rising, driven by a surge in cloud service provider (CSP) disruptions and industry-wide single points of failure (SPoF) events, according to cyber risk analytics provider CyberCube.

In its latest “Global Threat Briefing” report, the company highlighted that CSP outages are accelerating, disrupting critical services across multiple sectors.

CyberCube identified several high-profile industry outages in 2024, including the Change Healthcare attack, the CDK Global ransomware incident, and the global CrowdStrike IT outage. These events underscored the systemic risks posed by failures at key service providers, presenting challenges for businesses, insurers, and regulators.

William Altman (pictured above), CyberCube's cyber threat intelligence principal, noted the importance of proactive measures to address these risks.

“This includes strengthening cybersecurity frameworks to keep pace with emerging technologies, fostering greater collaboration to mitigate shared risks, and developing innovative insurance strategies tailored to a rapidly changing threat environment,” Altman said.

Nation-state cyber activity is complicating the risk landscape, with actors from Russia, Iran, North Korea, and China targeting critical sectors like energy, transportation, and public services for strategic objectives. These threats are increasingly blending criminal ransomware tactics with state-sponsored strategies, making attribution more challenging.

The UK's National Cyber Security Centre reported a 50% increase in nationally significant cyber incidents compared to the previous year.

CyberCube highlighted that ransomware remains a favored tool, with attackers leveraging it to disguise state-sponsored operations as ordinary cybercrime. This convergence creates ambiguity for insurers when applying war clause exclusions.

For instance, while many attacks cannot be directly attributed to a nation-state, their impact on critical infrastructure often mirrors traditional acts of war.

Sector-specific cyber risks

CyberCube's analysis revealed varying levels of exposure and security maturity across industries. The energy and utilities sector emerged as particularly vulnerable, with 36% of entities classified as having below-average security and high exposure.

Although most attacks have not disrupted power delivery, incidents targeting electricity providers, power grids, and water utilities highlight the growing risks.

Transportation and logistics also faced widespread cyberattacks in 2024, with disruptions reported in North America, Europe, the Middle East, and South Asia. These attacks affected airports, railways, ports, and public transport systems, sometimes involving political motivations.

CyberCube found that 56% of entities in this sector fell into the high-security and high-exposure quadrant, emphasizing the need for tailored risk management.

In the US public sector, attackers are targeting government networks, election systems, and critical infrastructure to destabilize services and erode public trust. CyberCube's data revealed that 86% of public-sector entities fall into below-average security and above-average exposure categories.

What does this mean for re/insurers?

The militarization and professionalization of cyber threats are reshaping risk assessment for the re/insurance market. Ransomware, now used as a geopolitical weapon, is pressuring insurers to adapt policy language and coverage terms. Traditional exclusions, such as those for acts of war, are increasingly difficult to enforce in the context of hybrid criminal-state attacks.

By mapping companies’ technology dependencies to catastrophic scenarios, insurers can better assess financial exposure to systemic cyber events.

As geopolitical tensions escalate, insurers must enhance collaboration with governments, improve threat intelligence, and develop policies that address the complexity of hybrid cyber threats. The convergence of criminal and state actors in cyberspace underscores the urgency of evolving traditional insurance frameworks to match the dynamic threat environment.

What are your thoughts on this story? Please feel free to share your comments below.

Keep up with the latest news and events

Join our mailing list, it’s free!