Cyber-crime is largely driven by financial motives, making anyone a target.
The good and bad technology
Companies from all industries are becoming more and more dependent on different and increasingly complex IT systems, information, cloud computing, software, sensors, smart devices, and artificial intelligence, making them more vulnerable to cyber-attacks.
32 percent of IIoT (Industrial Internet of Things) devices are connected directly to the Internet, bypassing traditional IT security layers.
"The planning for building these connected networks is not yet mature, and where automation and IIoT bring great possibilities, they can also create risk exposures", Peter notes. "Many organisations have started to realise their cyber risks, but still often choose operational efficiency and costs over security, or do not spend sufficient time thinking about cyber security, lifetime support, and budgets when incorporating these devices as part of the infrastructure4", Peter says.
Defence from collaboration
"No industry is safe from cyber risks, so all industries need to find means to develop resistance against them. In nearly two-thirds of organisations, cyber risk is among the top five risk management priorities.¹ However, it should be top five for everyone", Peter says.
"We are beginning to understand the risks and the means to protect against them as we gather more data. Cyber risks cannot be eliminated, but we can prepare and mitigate the risks", Peter continues.
The key to tackling the rapidly changing cyber risk environment is transparent collaboration between organisations, insurers, and governments.
The new EU data protection regulation, GDPR, requires all organisations to report breaches on privacy to the authorities, inform affected individuals, and compensate them for damages.
"With this new regulation in place, and the increasing number of cyber-attacks, combined with privacy information being the most affected in data breaches, I think 2018 is the year we will start to see a sharp increase in financial losses among organisations experiencing cyber-attacks", Peter continues.
On the positive side of GDPR, the authorities have the potential to provide new and wider information on the number and consequences of cyber incidents, which both organisations and insurance companies can use to manage this risk.
This could enable the cyber insurance market to better understand this new, complex, and unpredictable risk. This, along with the capability to calculate and price risks, can provide more financial capacity to the market.
"In the end, the key is to manage cyber risks together. It is neither practically nor financially feasible for organisations to implement technical and organisational security controls that protect them 100 percent. Cyber insurance solutions will play a vital role in protecting organisations' intangible assets", Peter concludes.
1) Marsh & McLennan – Global Cyber Risk Perception Survey February 2018
2) Allianz Global: A Guide to Cyber Risk – Managing the Impact of Increasing Interconnectivity
3) Verizon – 2018 Data Breach Investigations Report
4) The 2018 SANS Industrial IoT Security Survey