Cyberattacks can come with a high cost, and the current dedicated cyber-insurance market isn’t large, but that doesn’t mean that the challenge is too tough to conquer. However, governments may need to involve themselves in some of the solutions.
The increasing frequency and severity of cyberattacks has companies on edge as they work to cope with a changing business environment. But Swiss Re’s latest sigma report “Cyber: Getting to grips with a complex risk,” says businesses need to do much more to integrate cybersecurity into their risk management programs.
While there are multiple initiatives under way to increase the resilience of cyber capabilities, some, the report says, “especially those related to extreme catastrophic loss events, may be uninsurable. For such risks,” it adds, “there may be a case for a government-sponsored backstop.”
Regardless, the cost can be high for companies hit by such attacks, with considerations going far beyond managing fallout resulting from lost or corrupted data. They also have to deal with potential reputational damage, as well as physical and intellectual property damage and disruption to business operations.
Although firms are increasingly aware of the threats posed by cyberattacks, they’re “generally ill prepared to cope with cyber risk,” the report says. Not all that many firms have actually integrated cybersecurity into their mainstream risk management, it warns, adding that regulation could compel change as legislation in multiple jurisdictions require firms to add enhanced data protection safeguards.
As a result, “firms — large and small — need to invest more in cyber security architecture to develop robust pre-and post-loss risk management capabilities,” Kurt Karl, Swiss Re chief economist, says in a statement.
Product and process innovation, in addition to advanced analytics, can help to develop better cyber insurance solutions, extending the boundaries of insurability and reach of cover. Better cyber risk modeling is essential, but part of that process is the “capture and analysis of relevant data and threat intelligence needed to underwrite cyber risks accurately.”
As work continues on developing those models, product and process innovation in insurance and other risk transfer mechanisms “will play an important role in upgrading cyber risk management capabilities.”
Even as companies seek to offload cyber risk, so too will insurers, via the development of investment vehicles enabling capital market investors to take some of the exposures. And governments will not only have to step in to require better measures in the use and protection of cyber capabilities, but also to serve as an insurer of last resort for truly catastrophic events.