Cyber security poacher turned gamekeeper identifies critical new threats

All encryption could become obsolete in just five years unless new risks are addressed, warns the CEO of DynaRisk.

Who better to head up a cyber defence organisation than someone who once spent their days cracking codes and hacking into systems?

Former hacker, now DynaRisk chief executive officer, Andrew Martin spoke exclusively to Intelligent Insurer about strengthening cyber defences and how emerging technologies are beginning to challenge today’s cryptographic protections.

“One of the broader, long-term risks lies in quantum security,” Martin explained. “In just four or five years, quantum computing could break nearly all the encryption methods we currently rely on.”

It’s a stark warning that underscores the need for insurers to evolve their strategies well before the quantum era becomes a reality. “This is something the industry needs to watch closely,” Martin cautioned.

Today’s encryption standards are the backbone of everything from financial transactions to personal data protection. If quantum computers reach their full potential, these systems could be rendered obsolete almost overnight, posing profound risks to individuals, businesses and national security.

For reinsurers, the window for action is rapidly closing. “While the core tools and tactics used by hackers haven’t changed much,” Martin noted, “AI and quantum computing are set to dramatically accelerate the scale and speed of attacks.”

Digging beyond the checkbox

Multi-factor authentication (MFA) is another critical area demanding urgent attention. While many organisations claim to have MFA in place, the reality often falls short – especially across third parties and supply chains, Martin warned.

“An application form might just have one tick box asking, ‘Do you have MFA?’ But in practice, there could be 20 different portals that each require it,” he explained. “It’s not just about having MFA – it’s about having it everywhere: across email systems, customer portals, staff access points and more.”

Martin also raised concerns around the lack of transparency and rigour in third-party risk assessments. “Often, insurers list just a handful of suppliers on forms, and there’s no clear indication that these companies have been thoroughly vetted,” he said. “Visibility into third-party risk is essential. It’s the specificity of responses in risk assessments and questionnaires that will truly move the industry forward.”\

As an example, he pointed to the importance of asking whether backups can replicate or store critical systems – such as online order processing platforms – to help prevent major business interruptions. This is especially relevant in the light of recent incidents such as the cyber-attack on Marks & Spencer, which reportedly led to hundreds of millions of pounds in losses.

Martin also flagged the increasing sophistication of impersonation attacks, fuelled by advances in AI. “We’re seeing a rise in the use of valid stolen credentials to access systems,” he said. “There are even cases of hackers creating fake passport documents that pass KYC checks or using AI-generated deepfakes with alarming success.”

These attacks are not only harder to detect – they’re becoming far more convincing and effective. “Anything that can be impersonated is going to be a major area of concern,” Martin warned.

“We need dynamic threat data that reflects a company’s real-time security posture.”

Active risk management is a win-win

For insurers, it’s time to modernise risk assessment frameworks and underwriting practices to reflect the evolving cyber threat landscape. Traditional models – based on static questionnaires and annual updates – are increasingly inadequate.

“We need dynamic threat data that reflects a company’s real-time security posture,” Martin said. “A business might be highly vulnerable to a cyberattack one month but have resolved the issue the next. Static data just can’t keep up.”

DynaRisk is leading this shift, using extensive datasets and advanced analytics to surface high-risk indicators across the global digital ecosystem. “We monitor 40 to 50 million companies and domain names worldwide,” Martin explained. “And 99% of those we scan have some level of threat intelligence or hacker chatter linked to them.”

But identifying risks isn’t enough – it’s about prioritising what matters. “We focus on finding the needles in the haystack – the 1-2% of companies facing severe threats, like stolen credentials for critical systems,” he said.

This shift also signals the end of passive, paperwork-based cyber insurance. “No one wants to buy a PDF of a policy and file it away any more,” Martin observed. “Clients expect proactive protection.”

Forward-thinking insurers are responding by embedding active cyber risk management tools into their offerings – from vulnerability scanners and phishing simulators to dark web monitoring. These tools provide baseline protection and help clients continuously manage their risk exposure.

Looking ahead, Martin remains optimistic about the sector’s growth. “I’m excited about the opportunities in cyber insurance and adjacent areas like tech and D&O, where cyber is becoming increasingly central,” he said. “There’s also huge potential in consumer lines and SMEs, both domestically and globally. It’s just a matter of time and strategic focus.”

His message to the industry is clear: “We’re not becoming safer – at least not yet. But with the right strategies and partnerships, insurers can protect themselves and play a pivotal role in the broader fight against cybercrime.”

Did you get value from this story? Sign up to our free daily newsletters and get stories like this sent straight to your inbox.