Cyber risk Green Paper tackles major concerns for public and private sectors
In Australia, a cyber crime was reported every eight minutes over the past financial year and cyber risk cost the economy $33 billion. In a Green Paper commissioned by the Actuaries Institute, Taylor Fry authors Win-Li Toh and Ross Simmonds explore the challenges and opportunities in creating a vibrant, sustainable cyber insurance market – and why collaboration between government, business and insurers is key to filling major gaps in protection against attack.
The paper highlights how technology is woven into every aspect of our daily lives and cyber criminals take advantage of this dependence. Lead author Win-Li Toh says, “Despite increasing government and business spend, the approach to addressing the exposures appears disjointed and the losses are mounting. No one is immune – from SMEs to the largest corporates – across industries and disrupting supply chains.”
What’s more, Win-Li adds, government entities are a long way off baseline standards of cyber security, while many businesses are also behind in their resilience against rapidly shifting risks.
Cyber insurance as influencer, but there are gaps
In addressing these core issues, Win-Li says, “Importantly, cyber insurance is not the first line of defence – that role goes to good cyber hygiene and security. But cyber insurance can influence best practice in a major way – by boosting cyber hygiene and security resilience through eligibility criteria, pricing and insights.
“A vibrant cyber insurance market will do more than provide financial recompense for risks that break through the first line of defence.”
For this role to be effective, Win-Li says several gaps need to be addressed, including:
- A severe shortage of qualified cyber security personnel
- Limited understanding of the role of cyber insurance among Boards
- Limited education on cyber risks among SMEs
- Achieving sufficient capacity and profitability in the market
- Managing accumulation risks
- Cyber hesitancy in seeking the right insurance solutions.
Cyber risk an explosive global concern
Globally, cyber risk is mirroring the Australian experience and growing at unprecedented levels, with ransomware attacks more than tripling in two years. Contributing factors to this expanding risk include: the accessibility of Ransomware as a Service, the development of crypto currencies enabling untraceable payments, and cyber insurance hesitancy due to reduced cover, increasing premiums and a reduction in policy limits.
Compounding these issues, the paper points to the lack of geographical boundaries in cyber risk, where a computer virus can spread quickly around the world, resulting in multiple companies making a claim. “This is the accumulation risk challenge for an insurer,” Win-Li says. “The potential for a single event to trigger losses across business lines and global borders.”
A further hurdle is the difficulty in defining acts of cyber war (or terrorism) that are excluded from insurance policies, with Lloyd’s recently giving directions to underwriters towards excluding liability for losses arising from any state-backed cyber attack.
Problem too big to solve alone
The Green Paper offers several solutions-focused discussion points, as the authors examine the complementary roles of government, business and insurers.
“The problem is simply too big for any sole party to tackle on its own,” Win-Li adds. “Finding the right balance between guidance, education, mitigation, cover and regulation will require government, business and insurers coming together and appreciating one another’s perspectives.” Constructive conversation will encourage give and take, she says. “Active partnership between these stakeholders is critical in plugging the gaps, in heading off market failure and in creating a robust risk management framework, where cyber insurance can thrive and offer better protection against cyber risk.”
Listen to the Actuaries Institute podcast here.
Other articles by
Other articles by Win-Li TohMore articles
Recent articlesMore articles
Accuracy and causality the hot topics in data science at SIGKDD 2022
Tom Moulder shares his top picks from the lively discussions at the recent knowledge discovery and data mining conference in Washington DCRead Article