The Geopolitical Risks of Technology
29 Apr 2019|
As the use of technology becomes increasingly integral to the global business landscape, cyber risk events and geopolitical conflicts will become more intertwined.
Tensions have been escalating between the West and China due to the growing dominance of Chinese technology, which increasingly underpins the technology infrastructures upon which many companies around the world rely.
Chinese technology giant Huawei’s smartphones and telecommunications equipment are used throughout the world, and they have pursued a strategy of becoming the world leader in the supply of next generation wireless 5G networks. The rollout of 5G technologies will lead to ever-closer ties between business, governments and critical infrastructures around the world. However, there is growing concern that 5G could pose a national security threat. Western nations suspect that given Huawei’s close proximity to the Chinese state, they could embed vulnerabilities into their devices, providing the Chinese state with the potential to intercept sensitive data, and disrupt and damage businesses, governments and – more broadly – destabilise societies. Consequently, there are concerns as to the wider potential for a manipulation of 5G technologies to affect the global economy. Huawei has repeatedly denied that is an enabler for Chinese espionage; however, the West continue to maintain a suspicious position.
In December, the Head of MI6, Alex Younger, questioned the involvement of Chinese firms in the development of 5G. Writing in The Times, he said: “We need to decide the extent to which we are going to be comfortable with Chinese ownership of these technologies and these platforms in an environment where some of our allies have taken quite a definite position. We need to have a conversation – this is a non-trivial issue. It is one that needs to be worked through.”
While this controversy is a geopolitical and business headache, it also brings to the fore major challenges for the insurance industry as it tries to understand technology and cyber risk stemming from and involving the latest wave of technology infrastructure. In order to effectively deploy and protect capital, it is critical that the insurance sector provides responsible products that effectively protect businesses, whilst also balancing the wider potential for capital impairment.
It is also introducing new and varied risk exposure into traditional lines of business, particularly where the use of technology is key in the delivery of services – e.g. the failure of medical device technology and its potential to impact the traditional notion of ‘Medical Malpractice’ and its accompanying insurance product suite.
"We need to decide the extent to which we are going to be comfortable with Chinese ownership of these technologies and these platforms in an environment where some of our allies have taken quite a definite position. We need to have a conversation – this is a non-trivial issue. It is one that needs to be worked through."
With technology increasingly at the heart of business operations around the world, there is a growing danger that geopolitical conflicts can trigger significant risk events for companies. The insurance industry has to effectively address the question of which malicious technology-related risks will be catered for by established insurance products (such as Terrorism and Political Risk); which may fall within the wider and more all-encompassing product lines (such as Property); and which will need to be addressed on a stand-alone basis. Regardless of the product and risk transfer mechanism, careful consideration of the risk and the use of specialist domain expertise as part of the underwriting process is crucial to offset technology-driven risks potential to be under-priced – potentially resulting in capital impairment. Such a scenario would be most impactful against capital reserved against the more traditional lines of business, which are already operating on relatively thin margins.
We have already seen technology and cyber-related losses with the potential to significantly affect traditional all-risk products. For example, the purported $275m losses experienced by Merck & Co’s following a cyber-attack last June had the potential to be covered under their Property All Risks policies. However, several markets allegedly denied coverage based on war exclusions – asserting that the event was part of a wider geopolitical conflict. Similarly, this was somewhat of a watershed moment for the industry, demonstrating the potential for cyber incidents to cause significant losses that were not solely data-related – losses that, to date, haven’t typically been discretely priced or assessed when formulating the pricing for a Property All Risks product.
This will continue to bring into question the role and defensibility of the concept of attribution, particularly where losses have stemmed from technology or cyber-attacks that have the potential for some level of state-affiliated involvement. In reality, regardless of any individual state’s posturing, achieving such attribution to a level of sufficient legal proof will continue to be a challenge, primarily because of the relative anonymity and complexity of computing systems in use. This issue will be further exacerbated by the ubiquity of 5G technologies.
It is crucial the insurance industry switches its focus away from ‘Who’ allegedly carried out such attacks and puts more emphasis upon the ultimate form of loss, or the nature of the attack itself – a process that can be reverse-engineered through technical expertise for a consistent determination of coverage. Relying on ‘Who’ will still necessitate too many tentative links and speculative assumptions, and ultimately is not a robust approach to efficiently and effectively pricing risk exposure or determining the validity of coverage.
As the use of technology continues to grow and become increasingly integral to the global business landscape, cyber risk events and geopolitical conflicts will become more intertwined. The insurance industry needs to evolve rapidly to ensure it can produce and support products that accurately address such exposures, that are adequately priced to ensure these lines of business and products are sustainable for carriers over the long-term as the risk exposure shows no signs of abating.
Daniel Carr is Head of Innovation and Cyber Insurance at Occam Underwriting