The WannaCry ransomware attack which affected businesses and individuals around the world in May this year served as a powerful reminder that vulnerability to cyber crime is the new normal.
According to a study conducted by Chubb as part of Airmic's A Profession in Transformation research published in June this year, around one third of risk and insurance managers are concerned about cyber-driven business interruption and loss or theft of personal data.
Importantly, risk managers and insurance buyers are convinced that these risks will persist as the pace of digital change accelerates. Asked to look ahead three years, and more than a fifth cited new technologies including the Internet of Things (IoT) and Artificial Intelligence (AI) as key risk drivers - so much so that risks linked to digital transformation are now seen to transcend better known risks such as physical damage, fire, political risk or natural catastrophes. But, the report found, businesses as a whole have yet to wake up to the growing threat.
Some two-thirds of risk managers and insurance buyers have yet to convince their organisations that cyber is an enterprise risk, with many only coming together with technology or security teams at times of crisis. Worryingly, fewer than half of risk professionals surveyed had regular and close collaboration with IT information security functions.
Are risk managers ready for the cyber challenge?
Having risk management embedded across all core business functions is, to my mind, the only model for preventing and managing technology-related and other complex cyber risks. However, our research shows this may be easier said than done. Only 9% of risk and insurance managers were confident they could cope with the increasing use of new technologies and, even more concerningly, confidence about adopting business models built on new technologies such as IoT or AI was negative.
Against this backdrop it is not surprising that three-quarters of risk and insurance managers recognised that to be at the forefront of the evolving risk landscape, the profession must change significantly, with respondents singling out digital transformation as a core learning curve. In a world in which the future belongs to the fast, risk and insurance professionals have a narrow window in which to acquire knowledge, build confidence and seize the opportunity to influence digital transformation.
Does cover address demand?
Encouragingly for the insurance industry, our research shows risk and insurance managers are convinced that insurance is effective as a tool for the management of cyber risk. Just under half (48%) plan to transfer cyber risks related to loss or theft of data, while just over half (52%) said the same for cyber-related business interruption.
However, respondents pointed out areas where greater innovation was needed particularly in data breach recovery services and legal support in the event of a breach or theft of intellectual property. Although products now often include business interruption cover as a result of network security failure or attacks, human or programming errors; data loss and restoration; first and third party exposures; physical damage and even bodily injury, the sentiment from respondents was that there is still room for innovation and improvement.
Another driver of increased take-up would, of course, be further innovation in risk engineering services. To help us do that, we are investing in and expanding our in-house risk engineering team, as well as bringing in third-party vendors, to help companies assess and benchmark their exposure and identify key points of weakness.
What does the future hold?
In a world where digitalisation is driving greater frequency and severity of cyber crime, creating new paths for malicious attacks, intellectual property loss, business interruption, and first- and third-party exposures, cyber-related business interruption, data loss and theft will be significant for risk managers and insurance buyers in the future.
To manage and mitigate the threat effectively, both the risk management profession and the insurance industry have much to do. Risk managers and insurance buyers need to upskill and embed themselves across the enterprise in order to live up to the strategic imperative to add value by managing new digital risks better. The market, meanwhile, must continue to invest heavily in the next phase of innovation.
The challenge for risk managers and insurance buyers is to ensure that the speed of change in the risk environment does not outpace the progress being made in combatting this threat.
Kyle Bryant is cyber risks manager, Europe, at Chubb. To read the full report, download Digital Transformation, a joint report by Airmic and Chubb. This was part of Airmic's A Profession in Transformation project based on an in depth survey of its membership.