How can insurers keep up with cyber risks? 

25 January 2022

Mathias Wethmar, Senior Analyst at Hannover Re, looks at the growing cyber challenge, and Simon Gilbert, Managing Director of Elmore Insurance Brokers, explains how brokers can improve risk management and strengthen cyber security.

Cyber risk has been growing in parallel with digital transformation for more than 20 years, and Covid-19 has accelerated the trend because of the increasing reliance on technology during the pandemic. As a result, there has been a dramatic spike in ransomware attacks and other cyber events since 2020. However, security was already a major challenge long before Covid-19, and insurers have been trying to better understand and manage cyber risk. 

“Cyber insurance has to keep up with rapidly changing threat scenarios and the sophistication of cybercriminals,” says Mathias Wethmar. “Ransomware, business interruption, accumulation, and systemic risk: these are just some of the hazards facing cyber insurers. And because it’s still an immature marketplace, albeit fast-moving, uncertainty is an added danger, which leads to misunderstandings and exposure through so-called silent cyber. This is when there is risk exposure because a policy doesn’t explicitly include or exclude a cyber risk.” 

To stay ahead, Wethmar says insurers must fully analyse and manage risks both before and after cyber events, and develop more rigorous modelling and underwriting controls. However, from the underwriting perspective, there is no standard policy to cover cyber risks.

“Threats vary widely across sectors, industries and geographies,” says Wethmar, “and they are continually evolving. Insurers must adopt a holistic approach and develop preventative cybersecurity measures, and transfer residual risk through bespoke insurance products.”

Risk management through collaboration

Because cyber insurance has a relatively short track record and addresses a volatile marketplace and dynamic risks, primary insurers rely heavily on reinsurance to fill the protection gap. Any insurer whose risk management is deficient may suffer avoidable claims and accumulation risk. This underlines the need for collaboration with insurtechs and specialist risk management partners who can help to control the risks.

“At Hannover Re, we focus on the entire risk chain,” says Wethmar. “To help our clients, we collaborate with partners and focus on everything from prevention to crisis assistance. For example, assessing digital vulnerability through endpoint analysis and scoring, and implementing action plans with help from our cyber risk dashboard.”

Brokers are meeting the challenge

For brokers, the cyber marketplace demands the same holistic approach, with risk controls and cyber awareness reinforcing traditional risk transfer and shifting the focus onto prevention. As a cyber specialist, Elmore Insurance Brokers is developing strategies, tools and resources to manage risk and help cyber insurers to counter the argument that insurance incentivises cybercrime because it makes ransom payments more likely. 

“Brokers must help clients to strengthen their cyber defences as well as provide the customary financial risk transfer mechanism,” says Simon Gilbert, Managing Director of Elmore. “Cyber insurance must draw on the best insights and intelligence available, which requires partnerships with data and analytics providers, cloud service providers, and threat intelligence providers. Brokers must play an active role in embedding cybersecurity controls, such as multi-factor authentication, file encryption, and endpoint detection and response tools. Collectively, these measures mitigate cyber risk and reduce the likelihood of claims. In return, insureds can go from being uninsurable to being within an insurer’s risk appetite.” 

This coordinating role is helping the insurance industry to monitor cyber threats and shape policies in response to new risks and market conditions. Gilbert says that it’s the job of brokers to give insureds peace of mind by applying the right tools and risk reviews to keep pace with the ever-changing cyber landscape.

“To build resilience and contain cyber risk, you need both an ‘outside-in’ and an ‘inside-out’ approach that covers all the main attack vectors,“ says Gilbert. “In addition to scanning external elements such as open ports, you must stay on top of internal data threats and vulnerabilities, whether caused by errors or malicious actions. When it comes to managing risk, we’re going to see far more cooperation between brokers, carriers and third-party specialists.”

The need for human firewalls

“As brokers, we must do more than just offer coverage,” says Gilbert. “We must help clients with the overall cyber security context. That includes strengthening network security, developing breach response plans, and educating employees on best practice as part of a comprehensive broker-led approach.”

"Humans are frequently the weakest link in cyber defences.” 

Simon Gilbert, Elmore Insurance Brokers

Gilbert stresses that it’s not just about technology. It’s also about behaviour and awareness, as humans are frequently the weakest link in cyber defences. “Companies must develop human firewalls,” says Gilbert, “and create security-conscious cultures to minimise human error and vulnerability. We do this at Elmore by partnering with an information security firm who build awareness through gamification, among other things.”

Effective cyber insurance demands a collegiate approach. Brokers, carriers, data specialists, and infosec experts must work closely together to keep pace with cybercriminals, and brokers must play a central role to ensure that protection means prevention as well as risk transfer. 

About Elmore Insurance Brokers

Elmore Insurance Brokers is a registered Lloyd’s broker with a strong presence in the London Market as well as a growing European hub based in Lisbon. As a cyber specialist, Elmore works with a wide range of third parties, such as information security (infosec) firms, maximising protection through a blend of technical and analytical skills. Elmore is certified under the UK government-backed ‘Cyber Essentials’ scheme, which demonstrates alignment with cyber security principles. As well as threat intelligence, Elmore includes penetration testing as part of its cyber service. This highlights any digital weaknesses that might be exploited by cybercriminals, and test findings can help to determine policy coverage and premiums.

Related solutions

Q_PERIOR offers standardized cyber security audits and assessments for insurers to find the most suitable insurance rates against cyber crime.The combination between a long history of working in the insurance industry and the technical expertise of cyber security enables us to provide quick and impactful appraisals.
Für sie macht Perseus Cyberrisiken beherrschbar.Der Firmenname geht auf die Sage von Perseus zurück. Dieser Held der griechischen Mythologie steht für Schutz und Sicherheit. Nach dieser Maxime unterstützt Perseus seine Kooperationspartner sowie Kunden und ist dadurch fast in jeder zweiten Cyberpolice enthalten. Perseus bietet Lösungen im Bereich der Cyberprävention, Risikobewertung und des Notfallmanagements. Nutzen sie die Dienstleistung von Perseus in ihrer Versicherungspolice für eine reduzierte Schadenquote bei gleichzeitig steigendem Umsatz. PERSEUS, DER FÜHRENDE DIENSTLEISTER FÜR CYBERSICHERHEIT IN DER VERSICHERUNGSBRANCHE
cysmo® is the new dimension of cyber risk assessment for insurers by PPI AG, which measures the probability of success of potential and real-life cyber attacks in real time.

User questions

Answered questions

Unanswered questions

Please note that submitted questions are public.

Views: 7623

Downloads: 0

Ratings by number of stars:
100 %
0 %
0 %
0 %
0 %

Page is favored by 0 user.

Contact inquiries: 0

Rate this page!