“Basic housekeeping” should come before buying cyber insurance
Cyber attacks like the ransomware dubbed ‘WannaCry’, which has hit hundreds of thousands of businesses around the world in recent months, have highlighted that businesses must first properly understand and assess the risk before they purchase the necessary insurance, according to Julia Graham, deputy-CEO and technical director at Airmic, the UK’s risk management association.
Speaking ahead of Airmic Conference 2017 in Birmingham, UK, Graham suggested that basic preventative measures such as backing up files or relaying information to a managerial level often work well as risk management techniques and should be considered a priority.
“Cyber is an insurance business that has come of age,” Graham said. “But don't forget that you should assess the risk first and buy insurance second. I think one of the problems with cyber is that it has worked the other way around for a while.”
Rather than an attack on specific business, the ‘WannaCry’ ransomware was an attack on any machine in any business that the virus found vulnerable, Graham noted.
The UK’s National Health Service was badly affected but the virus also found vulnerabilities in the likes of commercial organisations such as FedEx in the US and German railway operators.
“I think it’s partly a cultural issue – they think that it’s never going to happen to them, or they don't need to do this because it’s not going to affect them, or that they’ll do it next week and they don't get round to it. Some basic housekeeping could have saved them a lot of grief,” Graham said.
Over 50 percent of Airmic members still don’t buy cyber insurance, the main reason quoted being that decision makers are often persuaded by their technology and information colleagues to spend the money on controls instead.
Graham suggested that the market has not had meaningful capacity in previous times, and what was available was expensive.
But she believes this is changing.
“We're issuing a new paper at our conference on cyber where we are saying - well actually, the world has moved on,” Graham said. “And if you look at capacity levels, some broker programmes they do $600 million. Some individual insurers will take up to £50 million.”
She suggested that people have got more sophisticating in assessing cyber risk, assessing what cover they’ve already got, and therefore only buying where they’ve got a gap.
“And I think insurers are very canny in the way that they are developing value-added benefits to their policies, things like media support, or data breach response, legal support,” she continued.
Proposal forms are also getting shorter, as she suggested that insurers are resisting the temptation to ask you everything, and only asking what you need.
As it continues to mature, Graham expects the market to expand significantly.
“I can't blame the insurance industry,” she said. “They saw an opportunity and they went for it. It's like with anything in life, if you go in for an opportunity and you're not ready to convert it, it might not be the best idea.
“I think the lessons that people can take away from this is that do the basics, which are educate your people, tell them how important it is, reward good behaviour, don't reward bad behaviour, make sure the board have good metrics and know how things are going. Then, you're half way to dealing with the issues. They're not all rocket science.”
Today’s stories
Many board-level risks are still not insurable: Airmic CEO
Open-loss modelling “significant as first cat models” says pioneer
Liberty reveals next boss of aviation reinsurance
Lloyd’s Syndicate 1110 placed into run-off
Heerasing leaves XL Catlin to join ACR Capital as deputy CEO
Compre to buy Irish captive insurer Equinox CA Europe
XL Catlin taps senior casualty underwriter from Zurich Australia
Did you enjoy reading this story? Sign up to our free daily newsletters and get stories like this sent straight to your inbox.
Already registered?
Login to your account
If you don't have a login or your access has expired, you will need to purchase a subscription to gain access to this article, including all our online content.
For more information on individual annual subscriptions for full paid access and corporate subscription options please contact us.
To request a FREE 2-week trial subscription, please signup.
NOTE - this can take up to 48hrs to be approved.
For multi-user price options, or to check if your company has an existing subscription that we can add you to for FREE, please email Elliot Field at efield@newtonmedia.co.uk or Adrian Tapping at atapping@newtonmedia.co.uk
Editor's picks
Editor's picks
More articles
Copyright © intelligentinsurer.com 2024 | Headless Content Management with Blaze