The (re)insurance industry must do more to prepare for what is generally accepted as the next major disruptive event: a mass cyber event.
Ransomware, as a risk, has been less of a concern than the topical 'zero click spyware' in recent years due to the introduction of specialist in-house digital security teams, particularly in larger corporates – which admittedly puts some smaller-and medium-sized firms at a disadvantage. It seems where risks are data-linked, the industry reacts well and prices policies accurately, although this is still yet to be managed reliably when linked to physical and more complex risks such as property damage. However, while cyber risk alone can be straight forward to price, most customers have little to no previous experience in buying cyber insurance, so are left unsure as to what they should and should not seek protection for. Particularly when steps can be made to manage some risks in-house through employee training programmes.
Another issue hindering the industry’s progress comes from innovation and the wave of new products that insurers have introduced to the market. This can have the adverse effect of creating confusion in the market due to a wider range of coverage options that customers cannot identify differences between.
The (re)insurance industry must look to greater cooperation between every component of the insurance value chain in order to prepare for the very likely major cyber disruption in the future.
In September, Apple issued emergency security updates to block ‘zero click’ spyware that could infect iPhones and iPads. “This silent way to hack a device is particularly alarming,” said Scott Field, head of international product strategy at Duck Creek, who warned that a financial institution could potentially be hacked in this way.