

Modernizing Cyber Underwriting to Turn Risk into Resilience?




In Vegas, there are no sure bets. The global cyber insurance industry, however, comes close when you’re talking about expansion and growth.

According to MarketsandMarkets research, the global cyber insurance market is set to grow from $11.9 billion in 2022 to $29.2 billion by 2027. Reasons include more sophisticated cyber-attacks, increasing potential of financial losses and more complex regulatory compliance. Some areas of business are more vulnerable than others. Industries topping the list with the most cyber insurance claims include manufacturing, financial services and healthcare, plus all highly regulated industries. Cyber-attacks are on the rise with ransomware increasing by 93% in 2021. 

As demand increases so too will new questions like: how do you price cyber risk? What do you cover? What do you not cover? 

On this point, we turn to Swiss Re, a reinsurance company based in Zurich, Switzerland. According to its research arm, the Swiss Re Institute, “reported cyberattack incidents have grown five-fold since 2016, with monetary estimates of global losses around $945 billion.” 

It makes sense.

Claims, Demand, Need for Cyber Insurance Rises on a Global Scale

While the need arises, reinsurance and insurance markets have limited capacity and systemic risk potential when it comes to cyber insurance. According to Swiss Re’s research, cyber insurance falls short of meeting the characteristics of insurability we are familiar with today.

This does not mean, however, that insurers have no role in helping businesses protect against cyber risks. Demand is high as both our lives in the digital world and the threat landscape expand exponentially. In its research, Swiss Re experts found the cyber insurance market reached $10 billion in 2021 (a 30% growth since 2017). Brokers are finding claims skyrocketing, with premiums rising right alongside heightened demand. Swiss Re predicts the market will grow to $23 billion by 2025, further confirming the research mentioned earlier.

In his blog, “Cyber Resilience – A Vital Concept in Today’s World,” Swiss Re Chairman of the Board of Directors Sergio Ermotti points out the two-edged sword accompanying digital risks: there will never be 100% security so the mandate is to both protect and be prepared for a cyber event. I agree with his point that insurance is only one part of the solution.

Ensuring Cybersecurity is Evolving Quickly

As cyber insurance solutions grow alongside rising risk, Swiss Re is pioneering the building blocks of cyber insurance by re-examining underwriting procedures, enhancing underwriting requirements and pricing for cyber exposures in property and liability policies, clarifying vague terms and conditions, and better defining limits in cyber policies. Separating pricing for attritional losses from potential catastrophic events is an additional improvement the company feels will add transparency and capacity to the market. 

We all know what car coverage we have (even if the print is sometimes small!). The first automobile policy came out in 1897, giving auto insurance more than a century of maturity. Cyber insurance is in its infancy. How should coverage be defined? Possibilities include: 

  • Costs associated with a data breach, virus, cyber-attack

  • Network virus or other cyber-attacks, privacy events and network security breaches

  • Network business interruption

  • Media liabilities

  • Reimbursable expenses such as investigation

  • Business losses

  • Lawsuits and extortion

  • Costs associated with privacy and notification

I also believe we all have a great deal of say in how this plays out too. Things we can be doing include:

  • Reframing and being realistic about how we perceive risk now and in the future

  • Becoming educated on cyber hygiene

  • Taking an active role to standardize risk with a common language

  • Understanding disclosure requirements

  • Developing strategic cloud capabilities

Swiss Re helps us “see” the threat landscape with its digital trust pyramid, inspiring us to standardize digital trust and risk – from access to the internet all the way up to human interaction. 

As data within the insurance industry increases, the digital trust pyramid amplifies my core belief that real growth lies at the crossroad of humanity and technology.

Guard is Down for Many SMEs

Swiss Re’s commercial insurance arm Corporate Solutions (Corso) has a solution that addresses the unique risk factors for organizations between 10 and 250 employees called CyberSolutions 360° insurance coverage. In partnership with OZON’s integrated cyber protection services, it is both a cyber service and cyber insurance.

This dual approach underscores Ermotti’s points that protection includes being prepared for cyberattacks. 

What’s Next

What brought us to this point will not bring us forward. Cybersecurity is a moving target; it is, in a sense, elusive. We learned an important lesson from the pandemic: make no assumptions because the unimaginable might be right around the corner. This is true for people in a connected world yet unfolding.

As Swiss Re advances the societal benefits of digitalization, I will be on the edge of my seat to see how businesses regard cyber resiliency as a business priority. 

In a digital-first world, how do you think modernized cyber underwriting will turn risk into resilience?



On email security in the era of hybrid working




With remote working the future for so many global workforces – or at least some kind of hybrid arrangement – is there an impact on email security we are all missing? Oliver Paterson, director of product management at VIPRE Security, believes so.

“The timeframe that people expect now for you to reply to things is shortened massively,” says Paterson. “This puts additional stress and pressure on individuals, which can then also lead to further mistakes. [Employees] are not as aware if they get an email with a link coming in – and they’re actually more susceptible to clicking on it.”

The cybercriminal’s greatest friend is human error, and distraction makes for a perfect bedfellow. The remote working calendar means that meetings are now held in virtual rooms, instead of face-to-face. A great opportunity for a quick catch up on a few emails during a spot of downtime, perhaps? It’s also a great opportunity for an attacker to make you fall for a phishing attack.

“It’s really about putting in the forefront there that email is the major first factor when we talk about data breaches, and anything around cyberattacks and ransomware being deployed on people’s machines,” Paterson says around education. “We just need to be very aware that even though we think these things are changing, [you] need to add a lot more security, methods and the tactics that people are using to get into your business is still very similar.

“The attacks may be more sophisticated, but the actual attack vector is the same as it was 10-15 years ago.”

This is borne out in the statistics. The Anti-Phishing Working Group (APWG) found in its Phishing Activity Trends Report in February that attacks hit an all-time high in 2021. Attacks had tripled since early 2020 – in other words, since the pandemic began.

VIPRE has many solutions to this age-old problem, and the email security product side of the business comes primarily under Paterson’s remit. One such product is VIPRE SafeSend, which focuses on misaddressed emails and prevents data leakage. “Everyone’s sent an email to the wrong person at some point in their life,” says Paterson. “It just depends how serious that’s been.”

Paterson notes one large FMCG brand, where a very senior C-level executive had the same name as someone else in the business much lower down. Naturally, plenty of emails went to the wrong place. “You try and get people to be uber-careful, but we’ve got technology solutions to help with those elements as well now,” says Paterson. “It’s making sure that businesses are aware of that, then also having it in one place.”

Another part of the product portfolio is with EDR (endpoint detection and response). The goal for VIPRE is to ‘take the complexities out of EDR management for small to medium-sized businesses and IT teams.’ Part of this is understanding what organisations really want. 

The basic knowledge is there, as many organisational surveys will show. Take a study from the Enterprise Security Group (ESG) released in October in terms of ransomware preparedness. Respondents cited network security (43%), backup infrastructure security (40%), endpoint (39%), email (36%) and data encryption (36%) as key prevention areas. Many security vendors offer this and much more – but how difficult is it to filter out the noise?

“People understand they need an endpoint solution, and an email security solution. There’s a lot of competitors out there and they’re all shouting about different things,” says Paterson. “So it’s really getting down to the nitty gritty of what they actually need as a business. That’s where we at VIPRE try to make it as easy as possible for clients. 

“A lot of companies do EDR at the moment, but what we’ve tried to do is get it down to the raw elements that every business will need, and maybe not all the bells and whistles that probably 99% of organisations aren’t going to need,” Paterson adds.

“We’re very much a company that puts a lot of emphasis on our clients and partners, where we treat everyone as an individual business. We get a lot of comments [from customers] that some of the biggest vendors in there just treat them as a number.”

Paterson is speaking at the Cyber Security & Cloud Expo Global, in London on December 1-2 around the rising threat of ransomware, and how the security industry evolves alongside this threat. Having a multi-layered approach will be a cornerstone of Paterson’s message, and his advice to businesses is sound.

“Take a closer look at those areas, those threat vectors, the way that they are coming into the business, and make sure that you are putting those industry-level systems in place,” he says. “A lot of businesses can get complacent and just continue renewing the same thing over and over again, without realising there are new features and additions. Misdelivery of email is a massive one – I would say the majority of businesses don’t have anything in place for it.

“Ask ‘where are the risk areas for your business?’ and understand those more, and then make sure to put those protection layers in place to help with things like ransomware attacks and other elements.”
