Episode 158: How NotPetya has Insurers grappling with Systemic Cyber Risk

In this episode of the The Security Ledger podcast (#158): the NotPetya malware outbreak in 2017 raised red flags about the potential for malware to pose systemic risk to insurers: affecting broad swaths of the economy. We talk to Bruce McConnell of the East West Institute about how insurers are responding.


NotPetya spread across Europe and North America at lightening speed. It was one of the most expensive malware attacks of all time: with damages totaling $10 billion. And, for companies impacted, it was impressively damaging: halting production lines and operations at global corporations in shipping, pharmaceuticals and manufacturing. one of the most virulent malware attacks ever.

Read Security Ledger coverage of NotPetya here.

But NotPetya was important for other reasons, as well. It exposed gaps in traditional approaches to information security. For industries like insurance, NotPetya underscored the prospect of “systemic cyber risk”: the ability of a malware, believed to be of Russian origin, to cause ripple effects that could spread beyond its immediate victims and throughout an economy.

Bruce McConnell is the Executive Vice President at the East West Institute

NotPetya’s rapid spread from small Ukrainian firms to some of the biggest companies in the world and the disruption it caused hinted at the kinds of ripple effects a devastating malware outbreak could have if it targeted a commonly used software component or a major services or infrastructure provider. 

To better understand what systemic cyber risk is all about and how the insurance industry is taking steps to address it, we invited Bruce McConnell, the Executive Vice President of the East West Institute into The Security Ledger podcast to talk. East West has authored a report : Cyber Insurance and Systemic Market Risk—to provide a framework to better understand and address the systemic nature of cyber risk and the challenges it presents to the burgeoning cyber insurance industry. 

In this interview, Bruce and I talk about the growing specter of systemic cyber risk and how insurance companies are adapting to that risk. 


As always,  you can check our full conversation in our latest Security Ledger podcast at Blubrry. You can also listen to it on iTunes and check us out on SoundCloudStitcherRadio Public and more. Also: if you enjoy this podcast, consider signing up to receive it in your email. Just point your web browser to securityledger.com/subscribe to get notified whenever a new podcast is posted. 

We want to hear your thoughts! Leave a reply.

This site uses Akismet to reduce spam. Learn how your comment data is processed.