Cybersecurity can be scary and unknown, but people should be familiar with it so that they can make choices to protect themselves. The cybersecurity landscape has changed quickly in recent years, with auditors originally focusing on key fobs as an audit item, but now requesting policies and insurance coverage for ransomware attacks. Cybersecurity legislation also started to come into effect in 2022 and there has been growth in the cybersecurity market, which has seen a significant increase in investment and a rise in the number of cybersecurity start-ups.
People face challenges in managing their passwords with the average user now having almost 300 online accounts, creating a problem for password management. Problems arise from password re-use and writing them down or keeping them under computers. Multi-factor authentication (MFA / 2FA) is recommended, and becoming familiar with cybersecurity to avoid phishing attacks; and to be wary of suspicious emails, even if they appear to be from a trusted source. It is essential to encrypt email messages to ensure their privacy.
The approach to cybersecurity has changed, and organisations are moving from scare tactics to educating people about the risks. Organisations must educate employees about cybersecurity risks and how they can protect themselves from cyber attacks. This includes regularly updating software, using strong passwords, and avoiding clicking on links or opening attachments from unknown sources as well as reporting any suspicious activity to the IT department or the organisation’s security team.
While the threats faced by enterprises and consumers are similar, there is a significant gap in terms of the protection afforded to them. Enterprises invest more in cybersecurity and are now buying cyber insurance as a result, while small businesses and individuals are still largely unprotected and social engineering attacks are common among these groups. Cybercriminals target individuals and the head of households in order to access their credentials and steal their identities. According to forensic experts, small businesses have now become a top target for hackers since they are a softer target compared to large corporations that have become more secure.
P&C insurers can offer solutions to small and medium-sized businesses and individuals, and insurers should focus on educating individuals and businesses on how to protect themselves from cyber risks. Insurers should not only sell cyber insurance but also understand their clients’ specific exposures and speak to them in a language they can understand. It is important to build resilience against cyberattacks which can be achieved in multiple ways with good cyber hygiene and employee training being crucial. The economic impact of a major cyber attack could be significant, and while prevention is key, it is important to have insurance coverage in place to manage and mitigate the financial impact of cyber attacks.
There are various factors that underwriters consider when underwriting companies and households for cyber insurance and the process of underwriting can vary depending on the size and type of organization. Small businesses and personal lines customers often don’t have cyber insurance in place, and that there is a need for bulk underwriting to assess a book of business for cyber risk.
There has been a rise in cyber attacks, especially during the COVID-19 pandemic, and with this is a growing need for businesses to have a cyber insurance policy in place to protect themselves from financial losses and reputational damage. It is importance to have a partner that businesses can trust to help restore functionality and get businesses back up and running quickly after a cyber attack.
There are advantages of offering cyber insurance for insurance companies, including new business growth, generating more premium per customer, retention, customer loyalty, and customer satisfaction. Insurance companies need to stay up to date on cyber risks and work with cybersecurity companies to help minimise vulnerabilities and prevent cyber attacks from becoming larger issues.
There is potential for artificial intelligence (AI) and machine learning (ML) to help insurance companies better understand and manage cyber risks in the future. Collaboration between insurance companies, cybersecurity companies, and businesses is needed to create a more secure cyber landscape and mitigate the risks of cyber attacks.
Session speakers:
- Travis Nichols, Director of Information Security, Shelter Insurance (USA)
- Matt Cullina, Head of Global Cyber Insurance Business, Cyberscout, a TransUnion Brand (USA)
- Siobhan O’Brien, Managing Director, Cyber Centre of Excellence Leader, Guy Carpenter (UK)
- Lisa Gardi, Reinsurance Account Executive, Shelter Insurance (USA) moderator