With cyber risk is evolving so fast – and on such an unprecedented scale – how can businesses and individuals adequately prepare?
NASA has gifted the world with countless technological advances down the years. Few know, however, just how innovative the space agency was when it came to insurance.
As the Apollo 11 astronauts blasted off into the unknown territory of the moon, the issue of life-insurance was a non-starter. Hence their families being provided with “Apollo insurance covers” – effectively date-stamped, signed photographs which would have great value should the worst happen.
Today we are once again standing at the threshold of a great unknown which is taking businesses into unknown and uninsurable territory: the cyber-space.
How, then, can businesses protect themselves in this new frontier? And with the unprecedented interconnectedness of businesses leading to potential losses running into the billions, how is it possible to insure such massive risk?
“We are very heavily focused on helping businesses understand how we tackle these issues before it becomes a problem,” says Mark Bannon, Head of Cyber Liability, EMEA, for Zurich. “We help them take a more informed view of what their cyber risks are and what practical steps can be taken - and insurance coverage is just one part of those solutions.
This is taking the insurance industry into uncharted waters, transforming their role from the business of compensating to preventing risk. Zurich recently launched a new Cyber Policy and is one of the first insurers to offer network security monitoring as a pre-breach service in conjunction with the policy form.
“It's about when you are prepared for when the worst happens; how you go to a resilience posture that means your business is better positioned to respond to the pressures from your customers and to regain normal operational capability in the shortest time possible.
“We're not being alarmist about this but we're trying to help people and industries understand we've got to go into this problem with our eyes wide open.
“The good news is that there are solutions out there already. They are AI driven and they are looking at network behaviour analytics to identify breaches quickly and effectively.”
The Global Risks Report 2019, a collaboration between the World Economic Forum and Zurich Insurance, identifies cyber-attacks and data fraud or theft as two of the top five global risks in terms of likelihood.
Meanwhile, as geopolitical tensions continue to rise, the vulnerability of critical technological infrastructure is a growing national security concern.
The ubiquity of cloud computing, along with the digital interconnectedness of companies and their suppliers, has led a widening pool of businesses to recognise their vulnerability.
“Up until five years ago, it was healthcare, financial institutions and retail which really insured themselves against cyber risk,” says Lori Bailey, Zurich’s Global Head of Cyber Risk.
“Those three industries were very obviously data driven, with specific regulations governing the protection of that data.
“Now you've got interconnectivity everywhere, and we're seeing manufacturers, automotive, agriculture, hospitality and transportation - all of these industries that are not necessarily data driven but are clearly impacted by different suppliers.
“There are a number of different data points throughout the entire supply chain that can create a huge loss if there is a cyber breach somewhere along the line.”
This means the traditional approach of building airtight defenses is no longer viable. With organized crime turning its gaze in earnest to the cyber world, a new industry is being built around social engineering, cultivating and harvesting intelligence on individuals via the internet. This requires a new focus on end-to-end cyber resilience, with as much emphasis on response and recover as detection and prevention.
The criminals scour LinkedIn profiles, Facebook profiles and social media platform discussion groups, along with targeted bogus phone calls to create bespoke cyber-attacks on businesses and individuals.
“To be honest with you it's quite easy to do and it's attracting a lot of interest from well-organized global criminal gangs who are also involved in drugs, counterfeit products, weapons and all sorts of serious crime,” adds Bannon.
There's a whole host of criminal activity underway right now and it needs to be looked at in a far more holistic way in terms of managing people. The cyber threat is now far more about people, processes and behaviors.”
So it is not only insurance companies which need to change. Individuals, too, must be educated about the sea change in the cyber risk landscape – and their responsibility to play a crucial role in tackling it.
As Zurich’s Lori Bailey puts it: “I can put locks on every door and window in my house to keep people out but if I use my Alexa, someone could find a way in through my security camera, or even my refrigerator.
“There are people that can steal information out of my home even though they've never set foot in it.”