Cyber Security Liability
How Do You Insure Against Cybercrime?
Cyber has become one of the most dynamic and frequently discussed new risk dimensions, fueled by highly publicized incidents of data breaches, such as the targeting of Sony Entertainment ‘s networks, apparently over a satirical comedy portraying North Korea’s leader, or an attack on French broadcaster TV5Monde’s channels and social media accounts in early April by hackers claiming to be from Islamic State in Iraq and the Levant (ISIS).
As a result of such cases, organizations are not only increasing their protection against cybercrime, but are also including cyber-risk into their risk-management framework. “There are only two types of companies: those that have been hacked and those that will be,” to put it simply and in the words of former FBI director Robert Mueller.
Cyberinsurance has grown out of recognition that both cybercrime and data privacy rank among the most worrisome risks faced by organizations today. So far the insurance industry considers cybercrime as borderline insurable, quite similar to terrorism.
To be able to step up to the challenge of making cyber-risk more insurable, we need to understand the risk of aggregation (be it from prolonged service interruption following a cyberevent, or widespread data privacy breaches) and be able to distinguish between random events versus targeted cyberterrorism or even government sponsored attacks.
Simultaneously, this is not just a challenge for insurers. It requires the cooperation between government agencies, academia and specialized IT firms to provide the technical and regulatory framework to make cyber-risk insurable.
The insurance industry will continue to be a partner and help organizations get back on track when things go wrong: We estimate that by 2025, cybercoverage will be in every retail, commercial and industrial insurance policy.
Following on from that it will be interesting to see how societies in the future will react to cyber-related data privacy breaches. Will younger generations develop the same attitude toward personal data protection as our generation has done, or will standards change as personal data becomes even more widely available (for example, from wearable technology or driverless cars)?
Will cybersecurity become the norm, or will hackers continue to find ways to penetrate systems, and with what consequences? Only time will tell.
SOURCE: Michel M. Liès is the group chief executive of Swiss Re, a global reinsurer. CLICK HERE
For more information, visit Cyber Security Liability or contact Southwest Risk Management at 1-866-924-7976 (SWRM).