There is a confused approach toward the management of cyber risks, with a lack of clear standards, a varied and technically heavy language and a rapidly evolving threat landscape, all leading to a ‘head in the sand’ attitude in many organisations.
Click here to read the full NewStatesman Spotlight Report on Cyber Security
The insurance industry is well placed to take a strong lead in the development and management of cyber risks. The costs of a cyber-attack can be crippling for many organisations, even where some relatively simple and cost-effective measures could have prevented or mitigated the lasting effects of an attack.
Given that insurers are working with, and protecting, clients against cyber risks, they are well positioned to provide leadership and dialogue with various other stakeholders, notably the Government, to assist in developing future strategies and schemes such as Cyber Essentials.
Professionals throughout the insurance industry need to continue developing their IT security knowledge, keeping abreast of the developments which will alter underwriting approaches and risk management practices. It is a dynamic market with policy covers requiring regular amendments and one where brokers can help play a key role in development.
BGi.uk have developed a risk management package providing not just insurance covers but also a secure online backup system and a training package for clients’ staff. Phishing, social engineering and ransomware are preventable threats, but only if staff are aware of what they are and how to handle them.
Increasing awareness and training of staff is going to be pivotal in protecting organisations. This process has to be led by the C-Suite, and they must adopt the stance that cyber security is not just the domain of the IT department but something every connected member of the organisation has a responsibility toward. A knowledgeable broker is ideally situated to assist their clients with adopting a strong risk management protocol if it is not in place already.
Brokers should provide knowledgeable advice and, where possible, the tools to help their clients who have placed their other business risks, and much trust, in them. Insurers and brokers need to demonstrate an understanding of the risks facing clients and also to ensure that clients fully comprehend these risks. Whilst the news can be filled with stories of large businesses, multinationals and hospitals getting hacked, too many organisations are taking a chance when it comes to securing themselves. The monetary costs and lost production time when dealing with an attack are lost value not only to the organisation but to the overall economy.
Transfer of the risk (Insurance) is a major tool in managing cyber risks but organisations need to first understand and then take ownership of those risks. The nature of business and the supplier cycle means that Insurance is becoming more of a requirement than an optional cover. Insurers therefore need to be clear with the cover that is provided, giving clear definitions in an area with an already mixed and often confusing terminology. The Insurance Act 2015 has altered the way Insurance is presented, sold and written. Buyers of insurance must be aware of and understand what it is they are purchasing and the exclusions and limitations of such cover. So ask more from your brokers and insurers, who have the knowledge and resources to help manage and mitigate your risks.
Given the reliance of the world on the internet to communicate and operate business, society requires a multi-tiered approach to Cyber Risk Management. Whilst the Government can lead in the development of national strategies some sectors, such as Insurance, must help provide leadership and knowledge. It is critical that we implement a basic level of security which will help protect from a naturally (and possibly necessarily) insecure internet service. A service that might be difficult to live with but one that we cannot live without.
Author: Sam Jones – Project Development Manager