Insurance Industry Can Set Standards on Cyber Security as World Digitizes, Impacting Society

In a world increasingly exposed to technology-based threats, the global insurance industry is well-positioned to play a greater role in rewarding those organisations that take cybersecurity seriously. This is the call from leading cyber analytics company CyberCube in a report timed for release to coincide with the World Economic Forum annual meeting in Davos, where its chief executive participated.

Pascal Millaire, Chief Executive Officer of CyberCube, outlined in discussions in Davos that in addition to offering beneficial terms to organisations demonstrating best practice in cyber security, insurers must work closely with governments to help enforce minimum security standards.

He also argued that insurers could help clients reduce cyber losses by sharing information they gain from managing large volumes of cyber claims. Insurers were also well-placed to offer approved vendor cybersecurity schemes.

Furthermore, businesses need to think differently about how they approach cyber risk. Rather than viewing it as an issue for their IT departments, they need to address it across their entire organisational structure in a much more holistic way.

CyberCube is one of the leading providers of cyber risk analytics to the insurance industry. Its report, Understanding the Societal Impact of the Fourth Industrial Revolution and The Role of Insurance, explores society’s growing vulnerability to digital risks and the steps the insurance industry can take to address the threat.

The report notes that the arrival of 5G networks being rolled out around the world will provide criminals with faster and wider access to critical infrastructure and associated online services. As 5G becomes widespread, larger data packages will facilitate easier and more impactful cyber attacks without any geographic boundaries.

Pascal Millaire explained: “For centuries, the insurance industry has been the key to unlocking the economic potential of new technology. Part of this has always been insurers’ ability to drive improvements in safety and regulation. That ability will be critical as global cyber risk increases.

“We’re at a point at which the global economy is racing to digitise services and product offerings. This has far-reaching implications for society. With the exponential rise in the connected economy, there is a huge opportunity for both innovation and exploitation. As tangible and intangible items become hyperconnected, the implications of failing to get security and privacy right have much bigger consequences than they did in the past.

“Given the risks attributable to cyber can never be reduced to zero, insurance provides a way to transfer some of an organisation’s cyber risk. For a company spending $20 million on cyber security, it is appropriate to ask whether that company is best served by spending an incremental $1 million on more cyber security or by buying cyber insurance, when a holistic risk management lens is considered.”

The report highlights a range of digital threats including disruptive cyber attacks, ransomware, as well as the targeting of infrastructure and transportation systems. Electoral systems are also vulnerable, as was demonstrated in the Ukrainian elections of 2014.

Pascal Millaire was taking part in a workshop at Davos titled ‘Market Incentives for Secure and Responsible Innovation’. He was invited to attend as CyberCube was named by the World Economic Forum as one of its Technology Pioneers in 2019. Technology Pioneers are early to growth-stage companies from around the world that are involved in the design, development, and deployment of new technologies and innovations, and are poised to have a significant impact on business and society.

The report notes that $1.25 trillion was spent on digital transformation globally last year, a figure projected to rise to $1.97 trillion by 2022.

The use of models to simulate cyber threats and assess their financial and societal impact will be a useful tool. CyberCube’s models are already used by a range of insurance businesses to analyse and stress test their portfolios of cyber insurance.

Cyber poses a clear and present threat today to the highest levels of business but more work is needed on data collaboration, with standards being a starting point: One mantra often heard in cyber circles is that cyber risk should be a business issue, not an IT issue. I can confidently say without reservation, it is a business issue at the highest levels of the world’s largest corporations. I cannot recall a single conversation with a business leader whereupon my introduction they did not believe cyber risk was critical to their business today. Whether the nature of the risks were well understood or appropriately disclosed in a manner that was comprehensive, comprehensible and useful, especially at the Board level, was another matter. Certain consulting leaders claimed to have “cracked the code” on board reporting. Even if they are right, we have a long way to go to make the issue more comprehensive, comprehensible and disclosed in standard formats. This is particularly important for Boards to undertake their governance responsibilities effectively.”

– Pascal Millaire, CEO, CyberCube
from Davos: Six Takeaways and One Overarching Theme via insights.cybcube.com