Cyber Expert Forum 2021

Jun 09, 2021

How large-scale cyber activity can impinge on insurability: Case spotlight on SolarWinds

The 2020 SolarWinds cyberattack was one of the largest and most sophisticated to date. 

SolarWinds is a major U.S. software company providing management tools for network and infrastructure monitoring, with a client base of over 300,000 high-profile companies. These include many Fortune 500 companies, universities and government departments such as the U.S. Department of Homeland Security and U.S. Treasury Department. 

The SolarWinds cyberattack was the work of a highly skilled actor. For the attack, the cyber perpetrators incorporated malware into a specific layer of SolarWinds software, enabling them to access some of the SolarWinds customers using the software. It appears that this infiltration was motivated by espionage. 

On 9 June 2021, The Geneva Association held a cyber expert forum, co-organised with Allianz, to take a deep dive into the SolarWinds cyber intrusion. The event was open exclusively to the insurance companies of Geneva Association members. 

Keynote speech: SolarWinds: Lessons learned

Stuart McKenzie, Senior Vice President of Mandiant, FireEye.

Stuart McKenzie, Senior Vice President of Mandiant (FireEye), openly discussed the SolarWinds event and challenges that arose for FireEye (a client of SolarWinds) while investigating the intrusion into their own systems, e.g.: 

  • Helping those affected by the attack with countermeasures
  • Deciphering whether FireEye had done anything wrong (and how to improve their own security to prevent future intrusions)
  • Deciding what information to disclose to the public and when. 

On the last point, FireEye decided that transparency was best – the SolarWinds intrusion could provide many valuable lessons learned to others. 

Indeed, the SolarWinds event was one of the first times that technical details about an intrusion and its sophistication were divulged publicly. Similarly sophisticated attacks have occurred, but information on the techniques employed has often remained confidential.

Identifying the different types of attackers has resulted in a better understanding of the cyber landscape. Highly skilled attacks are generally high cost and high risk for the perpetrators, so the targets are likely to be high-value organisations or government departments. 

Panel Discussion: How large-scale cyber events can help shape the cyber insurance offering

(Top) Matt Prevost, Senior Vice President, Cyber Product Line Manager, Chubb; Siegfried Rasthofer, Senior Cyber Security Expert, Munich Re; Catharina Richter, Global Head, Cyber Center of Competence, Allianz. (Bottom) Stuart McKenzie, Senior Vice President of Mandiant, FireEye; Jad Ariss, Managing Director, The Geneva Association.

Participants discussed how to manage media hype around cyber events and ensure the information provided to the insurance industry – on the characteristics of the event and corresponding losses – is accurate. This will better enable the industry to assess their appetite to cover similar future events and help improve projections of future losses, both economic and insured, using realistic disaster scenarios. Information about the interconnectivity of insurance policies covering cyber risks within a portfolio and the potential for accumulation losses, of particular relevance for the industry, can guide future decisions concerning capital requirements and risk appetite and inform the underwriting process. 

Working more closely with technical experts will be key in addressing software supply chain events, particularly in the areas of cyber underwriting and claims. Because victims often trust their software supply chain vendors, they may become complacent in believing their security is fully taken care of. Instead, insurance customers and society at large should increase their awareness of the risks and possible safeguarding measures, with an emphasis on more actively monitoring one’s own systems. Insurers should continue to take an active educational role in providing guidance on cybersecurity and measures to reduce risks. However, reaching a point where there are no vulnerabilities is unlikely; mitigation and containment of cyber events will be key. 

Although many organisations prioritise protection against cyber threats, cost, functionality and internal negotiations may be obstacles to purchasing the optimal security products. Furthermore, there will never be a single cyber safeguarding measure that will be universally applicable across all companies due to the complexities of internal cyber infrastructures within a company. As a starting point for enhanced cyber protection, software providers should ensure all of their customers meet a minimum standard of cybersecurity. Although this would not be the panacea of all cyber protections, it would create a good baseline for setting higher standards.

The insurance industry should also focus on removing monetary incentives to carrying out cyberattacks. It will first need to analyse how cyber criminals make money and seek to regulate the use of digital currency – the most common method of payment to cyber criminals. Effectively regulating digital currency to enable authorities to follow money trails and identify cyber perpetrators may, for example, disincentivise ransomware attackers. In future, the insurance industry may engage with regulators on the potential suitability of regulation for digital currency.

Members can view the password-protected recording here.
