Insuring organizations against the consequences of cybersecurity incidents is complex. The ramifications of these events can be dramatic, and some companies may find themselves in virtually unrecoverable situations with reputational and financial damage, along with legal liabilities crippling the business.
Cyber risk has the ability to affect all aspects of a business and consequentially all lines within the insurance industry. While insurable, its risk may feel infinite and difficult to understand. Lockton, the world’s largest privately held insurance broker, explains that just like the evolution of property coverage, cyber risk must develop with the landscape to meet critical business needs.
Jared Wosleger, Lockton’s property risk cyber expert in New York, explains in the white paper “From Third to First: A Game-Changing Play in Cyber Risk,” that cyber should also be looked at as a property issue and underwriters need to pay attention as the risks propagate.
“Just one cybersecurity event can cause multiple losses in unanticipated ways,” Wosleger said. “Unlike a wind event, which poses a threat to a specific region or number of locations, a cyber-attack poses a serious aggregation issue that can be a catastrophe waiting to happen.”
Max Perkins, co-author of the white paper and Lockton’s London-based expert on technology and privacy risk explains that while insurers have not historically looked at cyber as a property issue, it is increasingly becoming one.
“Companies must work to better understand their cybersecurity exposures as boards and shareholders focus more on this threat and the public perception that the playing field favors the attackers,” Perkins said. “In order to aid this process, insurance carriers continue to adjust their appetites to take on cyber risk, with the property insurance market being the first of the traditional markets to move.”
Hackers no longer only have criminal intent like stealing personal data, but have political or terroristic motivations. Britain’s security services concluded that North Korea was behind the WannaCry ransomware attack —the first of its kind conducted by a nation state— that affected Britain’s National Health Service, FedEx, Germany’s railway system and others.
Another emerging threat that is outpacing available defenses is attacks on physical devices and assets. The Internet of Things (IoT) has allowed individuals to control their environment via smartphones. It has also introduced connected devices to be exposed to physical attacks. Companies are using IoT to remotely control machinery and equipment which leaves them exposed to their physical assets being disrupted.
Businesses who do not take steps to mitigate their cyber risk can become exposed to first-party consequences like:
- Property damage
- Network interruption
- Data corruption
- Theft of intellectual property
- Cyber extortion
- Reputational damage
Addressing cybersecurity risk as a property issue is a relatively new concept but aggressive action needs to be taken since risks are continuing to multiply. The insurance industry must innovate to remain an indispensable partner and Lockton experts are keeping up to help guide clients through the evolving landscape of unforeseen threats.
You can read more posts on cybersecurity here