The pandemic has significantly altered the cyber-risk landscape, amplifying existing issues and posing new challenges for re/insurers. Ahead of an Intelligent Insurer webinar on the topic, Darren Thomson, head of cyber security strategy at CyberCube, discusses the challenges and opportunities faced by the industry.
The COVID-19 pandemic has forced organisations to adopt new models of working, with a strong focus on working from home. This has led to a significant increase in cyber-attacks.
From vulnerabilities in the virtual private network (VPN) servers that employees use to access work files and applications to a delayed response from security teams that are also working remotely, there are numerous ways in which organisations’ online security is being challenged.
Besides the issues around working from home, there has been a spike in opportunistic phishing and ransomware attacks as attackers use COVID-19 as bait to impersonate brands and other organisations.
As cyber risk increases and evolves, re/insurers have to keep pace. This topic is a key focus for CyberCube, a cyber risk analytics platform that uses data and analytics to solve cyber risk problems in insurance. On July 16, CyberCube will take part in an Intelligent Insurer webinar titled Cyber Risk and COVID-19: Managing Cyber Risks Arising from the Pandemic.
Here, Darren Thomson, head of cyber security strategy at CyberCube, discusses why this topic is so important, and where the challenges and opportunities lie for re/insurers.
Question: Why are the new risks emerging from the pandemic so interesting?
Darren Thomson (DT): During the webinar we plan to explore how we can identify, quantify, mitigate or transfer new risks posed by COVID-19 in a period of such fast-paced change and uncertainty. The insurance markets need to be mindful of these changes and the businesses that they serve must adjust to risk management approaches in line with the new norms that exist and will continue to evolve for years to come.
Q: What sorts of cyber risks are people now seeing?
DT: The pandemic has exposed new entry points for cyber criminals to gain access to systems, exploit distracted individuals and potentially wreak havoc through new critical infrastructures. We should expect the sophistication of social engineering lures, attacks on emerging cloud applications and infrastructures, and home networks to increase in line with new working practices. There will be increased vulnerability to both opportunistic cyber-attacks - such as social engineering that exploits distracted home-workers - and attacks of a systemic nature with concentrated reliance on cloud-based applications and the infrastructures that host them.
Q: How is the re/insurance industry responding to these?
DT: The uncertainty presented by the COVID-19 pandemic, and the potential for increased cyber claims because of vulnerabilities introduced by a rapid pivot to a fully remote workforce, has propelled insurers to take stock of capacity deployment, attachment point and rates.
Q: What do you think the re/insurance industry needs to do to tackle this evolving risk landscape?
DT: As the pandemic situation continues to play out over the coming months, it is imperative that cyber risk analysts and catastrophe modelers are acutely tuned into the changing threat landscape to model and analyse the risks of yesterday, today and tomorrow.
Q: What are the opportunities for the industry and how does CyberCube fit into this picture?
DT: Those who can work from home, are doing so in unprecedented numbers. This trend will create new norms that offer opportunities to insurers and businesses as well as weaknesses that can be exploited by cyber attackers on a vast scale.
CyberCube is creating financial models to quantify cyber risk. For cyber insurance accumulation modelling, model stability is critical. While cyber risk is dynamic in nature, catastrophe and accumulation modelling for insurance, by contrast, tends to be more static.
We are actively monitoring leading signal and benchmarking data during the pandemic that can later be used to quantify exposures for a given company or subset of companies (microsegments) and learning how these various micro segments are performing in this new environment.
Q: What topics do you expect to be covered in the upcoming webinar?
DT: The changes to our digital landscape that have been encouraged by the COVID-19 pandemic and subsequent social distancing measures will be covered. Other topics will include the breadth of possible long-term economic effects of the pandemic, including supply chain reconfigurations, recession-related impacts and government policy adjustments. However, we will focus mainly on the pronounced shift of the employed to working from home during and post COVID-19.
Q: What do you hope people will take away from the webinar?
DT: The changing dynamics that now exist in the areas of home-working, online retail and use of cloud computing (to name just three) have changed for the longer term in our view and this, in turn is creating a new landscape of cyber risk. The insurance markets need to be mindful of these changes and the businesses and individuals that they serve must adjust to risk management approaches in line with the new norms that exist and will continue to evolve for years to come. We hope they will get some understanding of the lasting changes to the way in which people are likely to live subsequent to the pandemic.
Darren Thomson will be speaking on our upcoming webinar: 'Cyber Risk And Covid-19: Managing Cyber Risks Arising From The Pandemic', taking place on Thursday July 16 at 4pm BST/11am EST.
Jacob Ingerslev, head of global cyber risk, The Hartford
Jon Laux, head of cyber analytics, Aon Reinsurance Solutions
Moderator: Claire Churchard, deputy editor, Intelligent Insurer
COVID-19, cyber, risk, pandemic, webinar, CyberCube, insurance, Darren Thomson, phishing, ransomware attacks, re/insurers, virtual private network, market