Understanding and measuring cyber risk
Simon Campbell-Young, CEO of MyCyberCare.
Although the vast majority of organisations are turning to digital technologies to boost their brand and increasing their online presence, only a tiny percentage of businesses have cyber insurance policies in place.
All stakeholders in the insurance sector are affected by information security and the risk of breaches. Digital transformation and innovative technologies that harness machine learning, analytics and artificial intelligence to make businesses more efficient and improve decision making lie on one hand. On the other hand, there is an increasing risk of cyber attacks, running the gamut from online fraud and advanced threats to phishing attacks.
Simon Campbell-Young, CEO of MyCyberCare, says there is an opportunity for brokers to broaden their portfolio of solutions, and offer cyber insurance to their clients, allowing them to transfer those security risks.
“However, measuring and understanding cyber risk can be complex and overwhelming for traditional insurance companies. On the one side, there is the pressure to comply with new and increasingly stringent legislation, such as the Protection of Personal Information (POPI) Act, on the other hand, they have to be able to effectively underwrite cyber risk. This requires collaboration between risk and opportunity, and the involvement of stakeholders, both internal and external,” he explains.
“The more connected a business is, the more its most private and confidential customer data is at risk. However, organisations simply don’t view cyber insurance as a priority, and brokers are playing a role in that perception.”
He says cyber insurance isn’t being properly sold to customers. “The fact is, too many brokers do not understand, and can’t identify risks that are not covered by general liability policies, specifically issues such as like cyber fraud, advanced attacks and ransomware.”
When cyber crime comes to mind, organisations think of a dodgy underground of hooded hackers infiltrating a businesses’ network to steal valuable information, or committing cyber espionage. “This isn’t the case. Cyber criminals often look for the ‘low hanging fruit’ and turn to other means, such as ransomware as a fairly effortless and hugely profitable alternative,” Campbell-Young says.
And irrespective of your type of business, losing access to your business data, be it patient information, billing systems, financial credentials, credit card numbers, or customer information, can be fatal. “Brokers need to be able to identify the areas of risk and then formulate an appropriate cyber policy to meet that risk. The best way for them to do this is to partner with a reputable cyber insurance provider who already understands the risks, and has solutions readily available to meet all possible needs.”
Correctly and adequately underwriting cyber insurance is a difficult talk. “There are many different risks in the cyber security sphere. Brokers need a good understanding of cyber risk and transferring that risk effectively is crucial.”
Moreover, he says digital innovation and the associated risks will grow and change far more quickly than traditional types of risk, so seizing the cyber insurance opportunity means having products and policies that are nimble and flexible, and able to adapt in a marketplace that is undergoing dramatic change as a constant.
