They have also realised that investing in pre-emptive mitigation efforts and cyber hygiene is better than facing the cost of an attack as it could be far greater, the reinsurer writes.
Yet, John Coletti, Head Cyber Reinsurance at Swiss Re, believes that efforts being undertaken against cyber threats are never enough, and highlights a number of measures insurers can take to strengthen cyber defence.
“As digitalization proliferates and technology advances, so does exposure to cyber threats, he said. Adding: “A new expertise paper from the Swiss Re Institute (SRI) ‘Cyber: Extending insurability for a rapidly evolving risk’ gets to the heart of the problem: ‘The pace of technological change, the rising awareness of cyber risk and the adoption of cyber hygiene practices to keep data and networks secure, are not synchronised.’”
“Rather, we have a legacy of outdated security protocols and IT systems, and regulatory frameworks are only slowly catching up with technological realities. This lag in cyber defence opens the door to malicious actors seeking to exploit digital vulnerabilities for financial, reputational or geopolitical gain.”
SRI researcher’s have emphasised that the insurance industry in particular has great leverage to increase cyber resilience. It plays a key role providing not only risk transfer but incentivising cyber risk mitigation.
The latest is achieved thanks to its conditions for companies to obtain cyber coverage as they must prove that they have a quality cyber risk program in place that supports monitoring and aiding responses to cyber attacks.
Coletti said: “The SRI researchers highlight three areas of improvement where the insurance industry can help manage cyber risks more efficiently and increase insurability.
“To address these limitations the SRI researchers recommend stakeholders improve cyber resilience by: standardising data and improving modelling; addressing the cyber talent gap by investing in education; and investing in new sources of capital and private-public collaboration.”
According to the SRI this will help mitigate overall exposures, improve understanding of the risk and help make society more resilient to attacks with devastating and potentially systemic consequences.
Coletti added that the SRI recommendations emphasises that the human and networked nature of cyber means the risk will continually evolve and require a coordinated response. Enhancing resilience will require collaboration between corporations, insurers and governments.
“While the uncertainty of future events is an intrinsic feature of the insurance business, aggregations risks add another layer of complexity,” Coletti noted. “It may leave insurers unwilling to cover these extreme tail risks with large loss potential. One solution to fill the protection gap is to design a type of public-private partnership (PPP) insurance scheme where the coverage of systemic risks is split between insurers and a government-backed fund.”
According to Coletti, even though the fear of cyber attacks is almost impossible to avoid, there is no need to be afraid, but “we must maintain the appropriate respect for a threat that is growing in magnitude”, he highlighted.
