- The potential costs of cyber-attacks are escalating rapidly; cyber security and resilience are a growing concern for firms
- A dedicated cyber insurance market is developing fast, but the scale of cover is still relatively modest
- Product & process innovations, and Big Data and smart analytics, will help foster improved cyber insurance solutions
- Governments can play an important role in boosting cyber resilience
- This is the first report published by the Swiss Re Institute, which officially launches today
Cyber risk is a growing concern for businesses, with recent attacks demonstrating that the costs of a cyber breach can escalate well beyond managing the fallout of lost or corrupted data. Swiss Re’s latest sigma report “Cyber: getting to grips with a complex risk”, says businesses need to do much more to integrate cyber security into their risk management programmes. Initiatives to boost cyber resilience are underway. A dedicated cyber insurance market is developing rapidly, but so far the scope of cover is modest relative to potential exposure. Product and process innovation and also advanced analytics will help foster improved cyber insurance solutions and extend both the boundaries of insurability and reach of cover. Ultimately, some cyber risks, especially those related to extreme catastrophic loss events, may be uninsurable. For such risks, there may be a case for a government-sponsored back-stop.
In its Sigma report titled “Cyber: Getting to grips with a complex risk,” Swiss Re said, “the costs of a cyber breach can escalate well beyond managing the fallout of lost or corrupted data.”
Recent high-profile cyber-attacks increasingly demonstrate that the costs of a cyber security breach extend beyond managing the fallout of lost or corrupted data. Firms must now factor in the potential damage to their reputation, physical and intellectual property, and also disruption to business operations. The increasing scope and magnitude of potential costs associated with cyber-incidents reflect the ever-evolving cyber risk landscape, which in turn is being shaped by three main dynamics:
– the growing speed and scope of digital transformation;
– the widening sources of vulnerability from hyper-connectivity, with the rapid spread of, for example, internet-enabled devices and cloud computing;
– and the growing sophistication of hackers alert to the potential economic gains from successful cyber-attacks.
Despite increased awareness of the dangers, firms are generally ill-prepared to cope with cyber risks. Relatively few firms have integrated cyber security into their mainstream risk management. Regulation could be a catalyst for change with legislation coming into force in many jurisdictions requiring firms to build enhanced data protection safeguards. As a result, “firms – large and small – need to invest more in cyber security architecture to develop robust pre-and post-loss risk management capabilities,” says Swiss Re Chief Economist Kurt Karl.
While a dedicated cyber insurance market was developing rapidly, the scope of its cover was modest relative to potential exposure, it pointed out.
“Product and process innovation and also advanced analytics will help foster improved cyber insurance solutions and extend both the boundaries of insurability and reach of cover.”
Nevertheless, some cyber risks, especially related to extreme catastrophic loss events, might be uninsurable, Swiss Re said.
Given this, the reinsurer argued for a government-sponsored backstop similar to the state support for protection against catastrophic terrorism risks.
“More broadly, governments have an important role in promoting cyber resilience, including measures to improve cyber information capture and diffusion, and setting laws and regulations about how cyberspace is used and protected. By reshaping incentives and increasing awareness of cyber threats, governments can further nudge the private sector into developing improved market-led solutions,” the report said.
The sigma report is e published under the “Swiss Re Institute” banner. The Swiss Re Institute was formally launched on Wednesday with an intention to provide high-quality research and outreach capabilities under one-roof.