Insurers’ cyber risk vulnerabilities laid bare

Cyber risk is increasingly becoming a worry for insurance companies as the industry accelerates the digitization of the business, according to a Boston Consulting Group (BCG) report.

In addition to growing digitisation, the consultancy noted that more sophisticated hacker techniques and the growing volume of highly confidential customer information that’s available through online systems is adding to the industry’s vulnerabilities.

In conjunction with increasingly strict regulations on data privacy, the insurance sector needs to rethink its cyber risk management model, according to BCG.

Cyber risk was barely on insurance companies’ radar screens a decade ago. But as insurers evolved to meet customers’ emerging demands in terms of digital offers and online services, and as they modernized their operations, it was inevitable that they would expose themselves to some new areas of risk, BCG said.

The cyber risk threat for insurers is increasing as attacks are on the rise.

The number of reported records breached globally jumped by 73 percent to 1.9 billion in 2016 compared to 2013. At the same time, the number of reported cyber-attacks increased 58 percent to 1,900 over the period.

News on cyber-attacks are reaching greater audiences, potentially tarnishing the company’s reputation. Cyber-attacks mentions in key agency reports and brought to the attention of regulators have increased by 150 percent in 2016 compared to 2013. Cases referenced in broker research and brought to the attention of investors increased by 129 percent over the period. Articles in leading publications impacting reputation of companies has grown 113 percent over the period.

Insurers’ vulnerabilities are boosted by digitisation of operations, but also through collaborations with other companies or the use of third parties, as well as new software and IT solutions such as cloud computing.

Major operational losses, stemming from intrusions and breaches, are becoming more common. Although recovery costs are usually measurable, the impact on a company’s reputation is much harder to assess. These real-world developments have shown insurers that they need to invest heavily in not only technology but also end-to-end risk management techniques to adequately protect their business against cyber threats.

Insurers need to treat cyber risk in much the same way that they treat traditional insurance risks, namely by defining the level of exposure they are comfortable with and prioritizing investments accordingly, BCG said.

Today’s top stories

AIG appoints new chief information officer as Fasano resigns

Aon Risk Solutions appoints new UK CEO as Tunnicliffe steps down

Lloyd’s syndicates flock to India

Insurers brace for potential surprises in UK's Spring Budget

Did you enjoy reading this story?  Sign up to our free daily newsletters and get stories like this sent straight to your inbox.