The growing insurance demand for cybersecurity
The range and landscape of insurance risks is one that continually evolves, changing constantly over time.
What has become increasingly common in headlines in recent years is the threat of cyber-induced disruptions to people and organisations, often perpetuated by criminal gangs that strike, extort, and then disappear.
Consequently, re/insurers are strengthening their focus on this area.
At Swiss Re, Maya Bundt is cyber practice leader in the Group Cyber Center of Competence. She joined the 1.1 Club, Intelligent Insurer’s online, on-demand platform for one-on-one interviews with industry leaders, to talk about the growing need not only for companies to think about their cybersecurity, but of how they can be supported by insurers in this area.
“We have a global reach and a significant amount of people who look at cyber risk on a daily basis.” Maya Bundt, Swiss Re
Malicious acts
Of the recent trends in cybersecurity, Bundt says one of the most prominent has been ransomware.
“Ransomware is malicious computer code that could affect your systems and your data. If it gets into your network, it shuts down your ability to operate because you can’t access your data,” she explained.
“That data is encrypted, and you cannot work with it. What happens then is the attackers will ask for a ransom, mostly in cryptocurrency, and then they promise to give you a key so you can decrypt your data again. This has a huge impact on any organisation.”
The consequences radiate out from the initial attack, with the cost adding up from lost hours in the time spent to recover, as well as the material and reputational loss. Research from Unit 42, “Ransomware Threat Report 2021”, found that the average ransom paid within Europe, the US, and Canada had risen from $115,125 in 2018 to $3,112,493 in 2020. Additionally, the company Cybersecurity Ventures estimated earlier this year that the damage caused by ransomware around the world may cost $265 billion in the next 10 years.
A number of measures can be taken to prevent a ransomware attack. Good cyber habits, says Bundt, are key, along with ensuring valuable data is backed-up and stored safely.
“One of the most important things is training employees so that they can spot phishing emails, which are one of the main vectors of malware into an organisation's network.
Next to training employees and sound technical controls, organisations also need to prepare for the worst case. “The other thing that’s absolutely necessary is preparation. That includes backing up data and making sure that those backups are stored offline and that they are tested. Also, emergency response planning is important.”
For more content like this visit the Reinsurance Lounge
“There is an upper limit on the price that can be paid by the insured.”
Insurers can help
Bundt says Swiss Re’s global capacity and knowledge are a boon in this area.
“The benefit of Swiss Re is that we have a global reach and a significant amount of people who look at cyber risk on a daily basis. We are able to spot trends, we collect data from around the world and in different areas, and we try to make sense of it. The knowledge that we gain can then be used to support our clients with,” she said.
Specifically, Bundt says: “Insurance also helps practically, because most of the insurance policies come with additional services. Such services include incident response providers and other IT specialists that come in after the incident and help the affected organisation to manage through the emergency and come back to operating as fast as possible.”
On a wider note, Bundt sees a lot of movement in the industry, particularly around rates, which she says have increased by 30 to 40 percent this year already, and in some areas even more. This comes down to what she believes is a developing industry. And while those increases sound harsh and steep, they are an example of the agility of insurers to respond and react to emerging risks. But not everything is rate: insurers are also increasing their cybersecurity requirements for their insureds and steer their portfolios more actively.
Part of the reason that insurers have increased their rates, says Bundt, are the additional losses faced in the recent ransomware epidemic. As to whether those increases will continue, level off, or decline, she won't commit.
Price increases are not the only measure to reach a sustainable market, good cyber risk management is even more important.
“It depends on the threat landscape,” she explained. “If we are able to increase the overall societal cyber maturity, it becomes more difficult for companies to become victims. If there is more activity on the law enforcement side, on the diplomatic side, and with criminal gangs being held responsible, it may lead to a flattening of rates.
“There is an upper limit on the price that can be paid by the insured,” she concluded.
To view the full 1.1 Club session click here
