Property Claim Services (PCS) has published its first estimate of the insurance industry loss due to the recent Equifax cyber hacking breach putting it at $125 million, Artemis can reveal. PCS has also designated its second Global Cyber loss event, the malware attack that hit pharmaceutical giant Merck & Co.
PCS only launched its new loss aggregation service for individual affirmative international cyber events, called PCS Global Cyber, at the beginning of September and has already designated two cyber insurance and reinsurance market loss events, with one now having its initial estimate ready as well.
The PCS Global Cyber service is designed to offer the risk transfer market data on cyber losses, to help in analysing cyber risks, as well as an index trigger for cyber risk transfer and cyber reinsurance contracts, such as industry loss warranties (ILW’s) or catastrophe bonds.
PCS designated its first Global Cyber loss event with the Equifax hack. The global credit reporting giant suffered a hack attack that revealed personal details of as many as 143 million of its U.S. customers (names, addresses, social security numbers), along with details of some UK and Canadian customers, along with as many as 200,000 people’s credit card details.
PCS’ initial estimate of the insurance market impact due to the Equifax hack attack is $125 million, however the firm said that the economic impact to the credit giant is expected to be much larger.
PCS noted that there are outstanding coverage issues which could reduce the likelihood of the Equifax cyber insurance loss reaching the $125 million estimate, so it could be revised down it would appear.
Equifax’s specific cyber insurance policy could provide as much as $150 million of coverage, we understand, with London market insurance and reinsurance firm Beazley said one of the most exposed. Equifax may also attempt to recover some costs under business interruption linked to its property policies, which could mean the estimates grow.
However, Equifax has come under legal challenge over the way the firm dealt with the hacking attack and there could be some disputes over BI coverage, as it may be deemed to have exacerbated the impact of the loss by the way it has been handled.
PCS has also designated its second cyber loss event, under its PCS Global Cyber service, we can can reveal.
Pharmaceutical giant Merck was hit by the Petya / NotPetya malware cyber attack in June, causing a significant impact to its global operations.
PCS explained that the disruption caused even impacted the firms ability to produce vaccines and medications in normal volumes, with production, delivery and distribution, back-office, research and sales operations all taking a hit.
The impacts to Merck have been significant and as yet the economic cost remains very hard to quantify.
Merck has not issued a statement on the expected hit to its profits, but some other major global firms that suffered due to the Petya cyber attacks have, with FedEx reporting up to $300 million of costs associated with it, as did shipping giant Maersk (also $300m), while Reckitt Benckiser estimated around $130 million of malware related costs.
Merck is thought to have been the hardest hit, with many of its internal processes computerised and so halted or restricted by the impacts of the malware attack. It’s understood that Merck could look to claim business interruption costs under certain insurance policies it has in place.
Artemis spoke with Tom Johansmeyer, AVP of PCS, regarding the recent cyber loss events; “With the support of our worldwide cyber re/insurance network, we’ve been able to demonstrate the effectiveness of PCS Global Cyber. We appreciate the support we receive from the market and understand that industry loss estimates require the support of the industry. We’ll continue to monitor both events and produce updates in accordance with our methodology.
“PCS Global Cyber is currently tracking three loss estimates expected to exceed US$20 million on an industry wide basis. This sort of activity within a month of the service’s launch demonstrates the timeliness of our specialty lines expansion, as well as the effectiveness of the PCS team in entering the new markets where our clients need us most.
“In addition to the cyber events, PCS is monitoring the Hanjin event for PCS Global Marine and Energy, in addition to having been the only loss aggregation organization to produce catastrophe loss events in Turkey (three since 2016). Our new services have a consistent track record of being relevant enough to show applicability quickly after launch, which is the direct result of our commitment to our clients.”
PCS will now begin to collect and aggregate cyber insurance loss data for the Merck hacking breach and will report on it in due course, in line with its industry loss reporting schedule. Updates will also be provided on the Equifax cyber attack as warranted.