Future of Cybersecurity and Cyber Insurance | Blog

In our previous publication, Cyber Insurance Market Dynamics, we discussed cyber insurance market dynamics and the measures both insurers and enterprises are taking to improve capabilities, reduce risk, and curb overall claims losses. In this final article in the three-part series, we will explore what the future holds for cyber insurance for enterprises and insurers.

The COVID-19 pandemic has exacerbated the cybersecurity challenges for both enterprises and insurers. While it has exposed the limited cyber readiness within enterprises, it has also increased margin pressure on cyber insurers that are facing rising loss ratios. To address these challenges, manage cyber risk, and offset increases in premiums, enterprises are investing in new technologies like endpoint protection, network security, and application security, among others.

While these measures have worked for firms in the past, the evolving cyber threat landscape has unveiled the need for more robust plans. Insurers, on the other hand, are partnering with cyber risk analytics firms to improve their underwriting prowess. They are also realizing the need for a sustainable policy that won’t pose an imminent threat to the industry’s profitability in the future.

Work from home security

The pandemic has made enterprises aware that it is possible to successfully run the business in a remote working environment. These businesses have implemented strong IT frameworks to enable employees to work remotely with few challenges or impacts on productivity. Enterprises have invested in network security and identity and access management tools that enable employees to work securely on any given network. With increasing cloud adoption, cloud-based security services will become a hot topic for enterprises to curb growing cyber-attacks.

Maintaining strict access control is likely to be the guiding principle for cyber policies in enterprises. Organizations will implement stringent hardware authentication measures to prohibit unauthorized access to systems. Automated and adaptive network scanning is also expected to be a key theme in the cybersecurity landscape. Enterprises will monitor and scan the connected networks to report any anomalies in real time, thus enabling teams to proactively fix them. Learning and adapting to the new risk landscape will be an important aspect of enterprise cybersecurity teams. Using Artificial Intelligence/Machine Learning (AI/ML), enterprises will be able to identify patterns and help prevent repeated attacks by developing exhaustive threat intelligence. The use of AI is not limited to scanning and pattern identification; it is also expected to prove beneficial in combating social engineering, malware, and ransomware attacks.

We have mentioned in parts one and two of our previous publications (“Cyber Insurance Market Dynamics” and “Cybersecurity Risk Management in a Post-Pandemic Era”) that cyber threats evolve along with evolving technologies. The same is true in the case of quantum computing. While it is expected to bring its own set of advantages in the fields of analytics, cryptography, aviation, medical research, etc., it is also expected to impair our existing encryption methods.

Continued cyber insurance growth forecast

The global cyber insurance market has experienced strong growth in the past, and this trend is likely to continue in the near future. The continuous shift to advanced technologies like AI/ML, cloud, and APIs has compelled enterprises to include cyber insurance in cybersecurity plans. While it is not a panacea for the enterprise cyber risk problem, the insurance coverage does provide the necessary systemic risk sharing from potential attacks. Going forward, cyber insurance will transform from a “nice to have” product to a “must have” product for enterprises. Firms will actively look for coverages that include cybersecurity, cyber liability, and technology errors and omissions, among others. The bundling of value-added services in addition to cyber coverage has increased the attractiveness of cyber insurance for enterprises. In addition to the necessary risk insurance, enterprises now have access to risk prevention and mitigation products and services from insurers.

In the remote/work-from-home world, the lines between commercial and personal cyber risk have become blurred. The need to have employees work from home is not likely to change in the short to mid-term, so insurers will offer enterprises personal cyber risk covers to shield consumers from any cyber-related risks. Recently, Chubb insurance introduced BLINK, an affordable insurance product with an embedded cyber protection cover that addresses the gap between those customers who are concerned about personal cybersecurity (80%-plus) and those who have cyber protection (16%).

As the market expands, insurer limits to risk-taking capacity may dampen the overall growth. While insurers are preparing for the impending cyber capital crisis that may emerge in the event of large-scale cyber-attacks, they are also thinking of innovative ways to address this challenge. Insurers are looking at capping lines of coverage and increasing rates while also diversifying current cyber risk portfolios of large enterprises. Increasingly, insurers will seek to offer coverages to medium-sized businesses as those organizations are becoming increasingly reliant on technology and are aggressively facing cyber-attacks. According to Verizon’s Data Breach Investigation Report, small and medium-sized businesses are at a high risk of data breaches and cyber-attacks. With a considerable proportion of medium-sized businesses seeking to purchase cyber insurance, insurers and brokers will look to tap into this target market.

In-house expertise for insurers to grow

Historically, insurers have largely relied on third-party cyber risk analytics firms for underwriting cyber risk. However, that is expected to change. Insurers are building in-house capabilities and hiring IT experts to strengthen cyber underwriting practices. Going forward, we also expect insurers to build a cyber insurance ecosystem to successfully underwrite cyber risk and consequently generate long-term profitable growth. With this, insurers can bring significant value to the enterprises while also enhancing underwriting capabilities by leveraging real-time threat intelligence. This will provide insurers with new data sources and insights to drive better risk evaluation and, in turn, build a more resilient cybersecurity landscape. Industry regulators will also play a key role in risk underwriting with the introduction of regional cyber insurance risk frameworks as best practices for managing cyber risk.

In the future, the evolving cybersecurity and cyber insurance landscape will demand proactive measures from both enterprises and insurers alike. As enterprises adopt new and emerging technologies, they will need to strengthen their cybersecurity position with new-age solutions like cloud application security and AI/ML-based automated security. Insurers will leverage new data sets for cyber risk underwriting and create a cyber insurance ecosystem that will provide them with the capability to act as coverage providers and also position them as strong risk advisors.

For more insights on cybersecurity, please see the first blog in this series, Cybersecurity Risk Management in a Post-Pandemic Era, or the second blog in the series Cyber Insurance Market Dynamics.

If you’d like to share your observations or questions on the evolving cybersecurity and cyber insurance landscape, please reach out to Barbara Beller, Supratim Nandi, or Mehul Khera.

The “War” in Ransom“war”e – Service Providers will Feel the Pain of Clients’ Tougher Security Policies | Sherpas in Blue Shirts

In the immediate aftermath of last week’s WannaCry ransomware attacks around the world, many organizations will consider how quickly and effectively to update older Microsoft operating systems and apply the necessary patches. The longer-term effects, however, will be more far-reaching as governments and other organizations review their security policies to protect their systems against future attacks. This spells tougher requirements on IT services as well as service providers’ connections to client systems.

Tougher government policies on suppliers

The WannaCry attack in the UK crippled the National Health Service (NHS), putting people’s lives at risk. It is going to cost billions to put right, not only in terms of upgrading systems but also rescheduling operations and treating people whose condition will have worsened after the delay caused by the attack. The UK government must act and be seen to act to better protect vital services in the future. It is likely to unveil new stringent policies for cyber security.

While this spells new business opportunities for IT service providers to enhance the public sector’s cyber security, other service providers will feel the pain of even more long-winded procedures to connect to clients’ VPNs when working on system integration or business process services. Many already have to apply to clients’ IT departments on a daily basis to be allowed to connect to VPNs. More stringent requirements are likely to come into force.

Microsoft must face the music

Let us not forget that it was a Microsoft Windows vulnerability that enabled this attack. Microsoft must face pressure to continue to support its older operating systems for longer. There are often legacy systems that work only with older operating systems. A Windows upgrade can therefore be very costly. A cash-strapped organization, the NHS prioritises patient care over keeping up with Microsoft’s timetable for Windows upgrades and discontinuing support for older operating systems. This is something that the UK government must address. It has enough buying power to demand action from Microsoft.

Upgrade pressure on government agencies

Government bodies such as the NHS will be put under renewed pressure to upgrade their systems and keep them up-to-date. The organizations will no doubt demand extra cash to deal with the situation. Spending on cyber security is set to increase whether agencies find new money or redirect funds from other activities. This ransomware attack will therefore boost the IT market for end-point security if not the wider security sector.

Pressure on users

Users too will feel the pain of ransom“war”e. Tougher usage policies are likely to get enshrined in IT department guidelines. Users are likely to experience reduced flexibility as more organizations adopt desktop lockdowns, with workspaces becoming more centrally controlled and monitored to reduce risks.

With numbers and varieties of attacks increasing, all aspects of IT security will be tightened up. Even the most laggard of organizations will look to build better security controls across their broad IT services or risk loss of business, revenue, reputation and in some cases, the wellbeing of their customers.
