The role of the insurer has evolved over the years, from one who simply offers protection, to one that tailors solutions specific to the needs of individuals and businesses, and offers support should an event occur. This is particularly true in terms of cyber insurance, where organisations of all types and sizes, and even individuals in their personal capacity, are battling to come to terms with the slew of threats they are facing.
The variations we see in cyber-attacks against organisations are different for each sector, and are constantly evolving, becoming more complex and sophisticated. “Financial services are targeted from organised crime, with the aim of stealing money. Large contractors who build anything from aeroplanes to expensive machinery are at risk from cyber espionage. Retailers who handle thousands of customers’ personal banking information are a target for advanced attacks aimed at stealing credentials, and the healthcare sector has recently seen itself a target of ransomware and DDoS attacks,” says Simon Campbell-Young, CEO of MyCybercare.
“Advancements in technology have seen a whole new range of threats target today’s organisations. And not just physical threats to assets: Intangible threats to reputation and good name that are simply not considered in standard insurance policies, which leaves companies vulnerable to the catastrophic impact of a breach.”
Cyber insurance used to focus on digital assets only, such as consumer data, he explains. “However, with the scale, frequency and fallout of attacks growing every day, insurance companies who traditionally only covered the expected assets, are adding cyber insurance to their offerings. Necessity is the mother of invention, and there is a massive need for this kind of insurance these days.”
Insurance companies are now offering coverage beyond digital assets, to include areas such as reputation, intellectual property, disaster recovery and business interruption. “However, this isn’t straightforward, as it is very hard to adequately assess damage and measure risk in all of these instances. Insurers are battling to manage the complexity of modelling and pricing risks of this nature.”
Of course this is a huge opportunity for insurance businesses, but it’s also a significant challenge. “It’s no longer about offering a simple product. It’s about managing risks, responding to incidents, and even preventing them. Clever insurers are forming teams to focus only on this type of insurance, but they need to take this a step further. To truly understand the risks, and make sure their products are comprehensive enough, they need to adapt the very structure of their businesses to ensure that cyber is integrated into everything they do.”
They should look at bringing together all the elements that encompass the term ‘cyber risk’. This includes cyber risk modelling, crisis management, reputation management, digital platforms – the list is endless, says Campbell-Young. “What is needed is a shift in focus from assets to the dangers themselves.”
Traditional insurance players are increasingly waking up to the fact that that cyber risk is much more than a data breach. New digital technologies such as automation, IoT and AI, are coming hand in hand with a vast array of new threats that will naturally impact any current insurance cover. “Stolen data, system failure, network damage, theft and similar – the list goes on. What we do know is that today’s environment presents insurers who offer comprehensive cyber insurance with an opportunity to take market share,” he concludes.