Produced by:
Costly compromise…
It does sound quite apocalyptic, doesn’t it? But the truth is: the world has yet to see the most nightmare-ish scenario when to comes to the destructive potential of cyberattacks. And that’s because none of us knows yet what will happen when a major cloud supplier goes down. Experts say we’ve seen phase 1 – where data has been compromised, costing businesses millions. Take Equifax, for example. It saw a 34% drop in market capitalization in the week following the announcement. Not to mention other victims, such as Maersk and FedEx.
From catastrophe to chaos…
We’ve also witnessed phase 2 – that’s business interruption, whereby companies in the pharmaceutical or logistics sector, for example, who deal with goods and services, have been closed down for a week or more. But what will unfold, when billions of IOT devices across the globe are compromised? Experts warn that phase 3 will unleash chaos – and that’s why businesses from all industries need to up their game when it comes to being cyber-secure.
Increasing risk…
Cyber risk is, of course, changing with the implementation of new technologies. In our digitized, globally interconnected world, the number and types of devices needing watertight security has increased dramatically. Mobiles, tablets, IoT-enabled devices, combined with Artificial Intelligence and machine learning, all provide many entry points through which hackers can strike. In fact, cyber risk is already penetrating all aspects of our personal and business lives in the form of smart homes, factories, even cities. And it’s spanning many sectors – from manufacturing, infrastructure, transportation and government, to all types of commercial enterprises.
At a cost…
This increasing risk comes at a high price. Cybercrime has a direct GDP cost of at least $275 billion per year currently, according to researchers, RAND. All these challenges are causing headaches for CEOs, CTOs, CRMOs, and insurers, above all. It’s understandably become one of the most important risks to evaluate for insurance buyers, in particular, as cyber insurance moves from being niche, to an essential purchase for all businesses.
“Insurance plays a vital role in enabling technological and economic development, by sharing risk with clients,” according to Pascal Millaire, CEO of cyber analytics specialists, CyberCube. “If you look behind the biggest cyber events of the previous five years, enterprises have received payouts that are regularly in the double and triple-digit million dollars from cyber insurance policies; not to mention the support enterprises get from their insurers and the partners of their insurers in the event of a claim,” he adds.
The great IoT shift…
The Internet of Things is truly astonishing. We’ve moved from being able to collect information to collecting physical things. This shift is huge: it’s estimated that there will be up to 200 billion everyday objects connected to the Internet by 2020. This could unlock up to $11 trillion per year in value to the global economy by 2025, according to the McKinsey Global Institute. It brings with it tremendous physical and financial risks. The World Economic Forum’s recent Global Risks Report 2019 reveals that cyber-related threats rank among the most dangerous facing economies around the world today. The implications are also monumental for enterprises, according to Symantec’s CTO.
“The cyber threat landscape is becoming very challenging now. A lot of the infrastructure you operate on isn’t yours. Think about how many people are adopting the cloud, for example. We now have this expanded ecosystem that is beyond what was traditionally in your control, from an IT perspective. So, we need to manage that as enterprises and realise we’re not the gatekeepers for all technology. But we never can outsource responsibility for users and data,” says Hugh Thompson.
Pivotal power of data analytics…
Insurers aren’t new to assessing risks involved in new technologies. In the 1700s it concerned marine voyages; in the 1930s it was appliances; and then in the 1970s it had to do with workers’ compensation. However, there are new challenges today, such as the dynamics of the technologies themselves, and the risk being global in nature. This new understanding is not confounded by a lack of data. In fact, 90% of data in the world has been created in the last two years alone.
“Having devices and control systems connected to the internet creates massive single points of failure that can spawn systemic risks across industries and geographies simultaneously. On a consumer goods level, the development of the automated vehicle, for example, brings these vulnerabilities to the fore. An exploitable vulnerability in a navigation system could send cars off route toward targets – effectively turning them into weapons. On an industrial level, the ability to control power plants and the supply to a city or region is increasingly wielded over the internet. As was demonstrated in 2015 in Ukraine when the power grid was successfully compromised by hackers,” warns Pascal Millaire.
Making sense of the right source…
Amidst all the noise, then, what’s important is firstly getting access to the right source of data, and secondly making sense of it. That’s no easy task, and an inability to do these things means many insurers don’t have the tools they need to effectively underwrite and model cyber risk at the moment. However, if used wisely, data analytics are providing the digital means for insurers to underwrite, price and mitigate risk, before claims have been made.
In this way, CyberCube is partnering with some of the largest cyber insurance companies – including Chubb, CNA and Munich Re – to help them offer meaningful solutions to their clients. Munich Re’s Chief Underwriter, Stefan Golling says: “Leveraging the capabilities of CyberCube will help our underwriting and risk modelling teams in better quantifying cyber risk and understanding potential cyber accumulation scenarios.”
Expect the unexpected…
As the world awaits a ‘phase 3’ scenario, the cyber insurance market is also on tenterhooks for a major catastrophic loss. These days it’s a case of when, not if. When it does happen, the financial stability of certain insurers will be shaken to the core. However, those who use data-driven tools will have a deepened understanding of this rapidly evolving risk and therefore a huge advantage when it comes to managing cyber aggregation. These vital strategies will be the key to creating resilient global businesses that are fit for the future.
