Quantifying reputational damage from cyber keeps insurers awake at night
Insurers are grappling with the quantification of the damage to a business’s reputation that arises from a cyber attack, as this is not currently covered in cyber policies across the industry.
This was one of the key themes that emerged during a panel of cyber specialists speaking at the Airmic Conference 2017.
Citing the recent global system outage of British Airways, the ransomware attack on the NHS, and the data breach of TalkTalk, there are subsequent damages that arise from such examples that the industry still needs to address.
All of the intangible costs that arise from reputational damage would not be picked up, argued William Wright joint head of privacy, cyber and technology at Paragon International Insurance Broker.
The reputation damage can transfer through loss of income, the costs of public relations and managing a brand in light of an event, for example.
“It’s one of the biggest challenges the insurance market faces - and I don’t believe we are quite at that stage yet - is how you actually put a number on reputational damage,” said Wright.
Christian Stanley, performance management directorate at Lloyd’s of London, who hosted the event, explained that the media attention from the high profile losses is making the industry question how to calculate the true cost of a cyber attack.
“Every day you open a newspaper and somebody has been hacked,” said Stanley. “Nobody wants to advertise if there is a breach.”
And the outage of British Airways illustrates this, according to Patrick Hill, cyber specialist and partner at DAC Beachcroft.
“Who would want to be the CEO?” Hill asked. Whether they come forward or hide from the media, the publicity is adversely impacted, he explained.
And from an insurer’s perspective, the quantification of reputation and brand damage is very difficult. Stanley said: “It’s what keep businesses awake. It’s a domino effect; it just gets worse and worse.”
Wright continued: “Share price drops, investor fallouts, extra costs to boards; all of these intangible would not be picked up by your standard cyber policy, but they’re huge.”
He explained that it would be a “wonderful world” if there was a metric that can pinpoint where a business stands before and after an event, with a payout calculated accordingly. “I applaud any insurer that comes out with that product,” Wright said.
Already registered?
Login to your account
If you don't have a login or your access has expired, you will need to purchase a subscription to gain access to this article, including all our online content.
For more information on individual annual subscriptions for full paid access and corporate subscription options please contact us.
To request a FREE 2-week trial subscription, please signup.
NOTE - this can take up to 48hrs to be approved.
For multi-user price options, or to check if your company has an existing subscription that we can add you to for FREE, please email Elliot Field at efield@newtonmedia.co.uk or Adrian Tapping at atapping@newtonmedia.co.uk
Editor's picks
Editor's picks
More articles
Copyright © intelligentinsurer.com 2024 | Headless Content Management with Blaze