It’s starting to get a little crazy out there. Technology is progressing at a rate never seen before in history, and it can be challenging to keep up with the latest forms of communication. As more and more business and professional interactions occur online, there’s a greater risk to personal health information, financial data, and assets that exist on the web or are accessible via the internet. Since protecting assets is the specialty of the insurance industry, it’s up to us to learn how best to protect our clients and ourselves in the face of increasing cyber threats.
Cyber Threats Uninsurable?
Experts in the insurance industry have recently been speaking out on the growing and constantly changing threat of doing business in cyberspace. In an article published in the Financial Times at the end of last year, Mario Greco, CEO of Zurich Insurance, expressed concern that cyber threats could become “uninsurable.”
He said he believes “the growing sophistication and scale of cyberattacks is putting them at risk of becoming uninsurable.” After all, it’s more than just a concern about data security. What happens if a cyber criminal were to be able to hack into critical areas of United States infrastructure? Consequences would be far-reaching, impacting every area of Americans’ lives.
While cyber threats certainly could be all-encompassing and intimidating, is it true that cyber security is uninsurable?
Threat or Opportunity?
Threats can lead to opportunities. The cyber-insurance industry is already estimated to be worth over $3 billion. In the case of cyber threats, this means an opportunity for insurers to step up and anticipate what their policyholders will need to protect themselves online. These cyber risks are new to all of us, and policyholders will need lots of advice and assistance in navigating the online world safely and securely.
Now is the time for insurers to learn and then teach risk management strategies when it comes to online interactions. That means becoming experts in potential threats, like phishing or malware, and on proper digital hygiene. Having that expertise helps insurers coach policyholders on good practices. Ultimately, this helps everyone by reducing the risk of cyber attacks on policyholders, which also protects the interests of the insurer.
This has happened before in the area of auto insurance and continues today. Policyholders receive discounts and incentives for safe driving. This concept can easily transfer to cyber security insurance as insurers give guidance, discounts, and incentives for practicing good digital hygiene.
Coaching “Digital Hygiene”
To lower risk for everyone involved, insurers need to become experts in how to safely conduct business and personal tasks online. Some basic examples from Norton Life Lock include:
- Installing reputable antivirus and malware software on both home and workplace computers.
- Using a network firewall to prevent unauthorized users from accessing email, websites, and other files that are accessible online.
- Updating software regularly to ensure possible glitches are patched or eliminated.
- Choosing strong passwords that are unique, complex, and at least 12 characters long.
- Using two-factor or multi-factor authentication offers extract protection online. Two-factor requires a username and password plus a unique code set to another email or device. Multi-factor adds facial recognition or a fingerprint to confirm identity.
- Employing data encryption on all devices, including backup tapes and cloud storage.
- Backing up data and storing it on an external drive or in the cloud can protect data from hackers.
- Keeping hard drives clean and doing a thorough disk wipe before selling a device.
- Securing routers by updating the password, turning off remote management, logging out as admin, and ensuring you have WPA2 or WPA3 encryption.
Commercial enterprises will likely find this more complex, but whether it’s an individual policyholder or a company, cybersecurity will continue to change. It will be essential to keep up with the latest developments to protect against evolving cyber threats.
Empathy For Clients
Coaching digital hygiene and practicing due diligence in this fast-paced internet culture is essential for insurers to maintain their relationship with policyholders. Saying cyber security is uninsurable doesn’t show proper empathy for our clients. It may be challenging to navigate, but it’s a real risk that people are concerned about.
The insurance industry is there to come alongside clients and help them navigate the many risks that they encounter in life. When a new threat emerges, the industry should be ready and willing to help reduce the stress and worry for the people they serve.
How The Insurance Industry Can Address Cyber Concerns
While the concerns around cyber threats and insurance are valid, the challenges aren’t insurmountable. The insurance industry is built on data and has risen to the occasion before. Because cyber is a new area for insurers, the best way to predict risk is to look back at the client database for incidents, claims, and what the client’s situation looked like before an attack.
That information provides valuable insight for guiding other policyholders in making wise security investments to guard against attacks. Data is everything. The more an insurer can gather about a policyholder, the more accurate the pricing and underwriting will be. In that way, cyber insurance is no different than home, auto, or health insurance.
The main difference with cyber threats is that home or auto threats were fairly stable over time. With cyber, they are constantly changing. That means insurers have to be ready to adapt and switch gears as often as necessary to keep up with the technology.
Preparation is Essential
As with anything preparation is essential. For the rising threat of cyber attacks, that just means gathering additional data. Insurers may need to go to extra lengths to find solid, relevant, and up-to-date information that helps guide the underwriting process.
With enough data about the policyholder combined with the latest knowledge about cyber threats, insurers can guide the client on making security investments that reduce the frequency or severity of any attacks or that support the policyholder in being more resilient after an attack.
Because there are limited data at this point, insurers will have to go over and above to estimate risk. Current risk calculations will have to rely on cyber security data, good intuition, early results, and watching to see what the emerging attacks are.
Other important data to collect are the policyholder’s current cyber security practices, like which software they use, which version they have, how often they upgrade, and their server location — many of the things listed above under good cyber hygiene practices.
These observations will help drive coaching for policyholders on good practices online until we are further into this technology.
In this new world of technology, insuring against cyber threats is certainly no walk in the park. Yes, it is challenging, but the truth is that new challenges always emerge as society progresses. It’s up to us in the insurance industry to rise to the challenge and continue to serve our policyholders the best we can. The insurance industry has always had to anticipate potential threats and figure out how to best prepare for them. This is what we do, and what we’re good at. There’s no reason to fear cyber security insurance; it’s simply a new opportunity to serve.