Cyber risk and the changing role of insurance

Abstract

ABSTRACTA brief look at how the cyber risk landscape is evolving and what this means from a risk and insurance perspective, particularly as businesses accept they cannot hope to prevent all cyber intrusions regardless of the sophistication of their IT security. While cyber insurance is currently a stand-alone product, we are moving to a future where all classes of risk and insurance will be touched by cyber. Meanwhile, the rapid pace of technological change, increasing connectivity through the internet of Things and the changing MO of cyberattackers introduce new vulnerabilities and increase the potential for systemic and risk aggregation complexities that will need to be measured and monitored by insurers. As cyber underwriters scrutinise the IT security of firms seeking insurance, they also have an important and growing role as a de facto regulator. They are setting the bar for the cyber hygiene standards necessary in order to qualify for insurance, and in so doing, encouraging organisations large and small to implement systems and processes that will mitigate cyber risk.