How can insurers keep up with cyber risks?
Mathias Wethmar, Senior Analyst at Hannover Re, looks at the growing cyber challenge, and Simon Gilbert, Managing Director of Elmore Insurance Brokers, explains how brokers can improve risk management and strengthen cyber security.
Cyber risk has been growing in parallel with digital transformation for more than 20 years, and Covid-19 has accelerated the trend because of the increasing reliance on technology during the pandemic. As a result, there has been a dramatic spike in ransomware attacks and other cyber events since 2020. However, security was already a major challenge long before Covid-19, and insurers have been trying to better understand and manage cyber risk.
“Cyber insurance has to keep up with rapidly changing threat scenarios and the sophistication of cybercriminals,” says Mathias Wethmar. “Ransomware, business interruption, accumulation, and systemic risk: these are just some of the hazards facing cyber insurers. And because it’s still an immature marketplace, albeit fast-moving, uncertainty is an added danger, which leads to misunderstandings and exposure through so-called silent cyber. This is when there is risk exposure because a policy doesn’t explicitly include or exclude a cyber risk.”
To stay ahead, Wethmar says insurers must fully analyse and manage risks both before and after cyber events, and develop more rigorous modelling and underwriting controls. However, from the underwriting perspective, there is no standard policy to cover cyber risks.
“Threats vary widely across sectors, industries and geographies,” says Wethmar, “and they are continually evolving. Insurers must adopt a holistic approach and develop preventative cybersecurity measures, and transfer residual risk through bespoke insurance products.”
Risk management through collaboration
Because cyber insurance has a relatively short track record and addresses a volatile marketplace and dynamic risks, primary insurers rely heavily on reinsurance to fill the protection gap. Any insurer whose risk management is deficient may suffer avoidable claims and accumulation risk. This underlines the need for collaboration with insurtechs and specialist risk management partners who can help to control the risks.
“At Hannover Re, we focus on the entire risk chain,” says Wethmar. “To help our clients, we collaborate with partners and focus on everything from prevention to crisis assistance. For example, assessing digital vulnerability through endpoint analysis and scoring, and implementing action plans with help from our cyber risk dashboard.”
Brokers are meeting the challenge
For brokers, the cyber marketplace demands the same holistic approach, with risk controls and cyber awareness reinforcing traditional risk transfer and shifting the focus onto prevention. As a cyber specialist, Elmore Insurance Brokers is developing strategies, tools and resources to manage risk and help cyber insurers to counter the argument that insurance incentivises cybercrime because it makes ransom payments more likely.
“Brokers must help clients to strengthen their cyber defences as well as provide the customary financial risk transfer mechanism,” says Simon Gilbert, Managing Director of Elmore. “Cyber insurance must draw on the best insights and intelligence available, which requires partnerships with data and analytics providers, cloud service providers, and threat intelligence providers. Brokers must play an active role in embedding cybersecurity controls, such as multi-factor authentication, file encryption, and endpoint detection and response tools. Collectively, these measures mitigate cyber risk and reduce the likelihood of claims. In return, insureds can go from being uninsurable to being within an insurer’s risk appetite.”
This coordinating role is helping the insurance industry to monitor cyber threats and shape policies in response to new risks and market conditions. Gilbert says that it’s the job of brokers to give insureds peace of mind by applying the right tools and risk reviews to keep pace with the ever-changing cyber landscape.
“To build resilience and contain cyber risk, you need both an ‘outside-in’ and an ‘inside-out’ approach that covers all the main attack vectors,” says Gilbert. “In addition to scanning external elements such as open ports, you must stay on top of internal data threats and vulnerabilities, whether caused by errors or malicious actions. When it comes to managing risk, we’re going to see far more cooperation between brokers, carriers and third-party specialists.”
The need for human firewalls
“As brokers, we must do more than just offer coverage,” says Gilbert. “We must help clients with the overall cyber security context. That includes strengthening network security, developing breach response plans, and educating employees on best practice as part of a comprehensive broker-led approach.”
“Humans are frequently the weakest link in cyber defences.”
Gilbert stresses that it’s not just about technology. It’s also about behaviour and awareness, as humans are frequently the weakest link in cyber defences. “Companies must develop human firewalls,” says Gilbert, “and create security-conscious cultures to minimise human error and vulnerability. We do this at Elmore by partnering with an information security firm who build awareness through gamification, among other things.”
Effective cyber insurance demands a collegiate approach. Brokers, carriers, data specialists, and infosec experts must work closely together to keep pace with cybercriminals, and brokers must play a central role to ensure that protection means prevention as well as risk transfer.
Elmore Insurance Brokers is a registered Lloyd’s broker with a strong presence in the London Market as well as a growing European hub based in Lisbon. As a cyber specialist, Elmore works with a wide range of third parties, such as information security (infosec) firms, maximising protection through a blend of technical and analytical skills. Elmore is certified under the UK government-backed ‘Cyber Essentials’ scheme, which demonstrates alignment with cyber security principles. As well as threat intelligence, Elmore includes penetration testing as part of its cyber service. This highlights any digital weaknesses that might be exploited by cybercriminals, and test findings can help to determine policy coverage and premiums.