Cyber risk management needs to be a ‘shared task’

Cybersecurity needs to be an enterprise-wide responsibility and not handed over to a single individual or department, according to Paolo Volpi, casualty and special lines director at European Risk Frontiers sponsor HDI Global in Italy. Mr Volpi said that in Italy cyber is still too often the sole responsibility of IT. But, in his view, the responsibility for cyber risk should become a “shared task” of all departments. “In fact, it should become a task of each and every employee of a corporation. By shared task, I mean that several experts within a corporation should work together and share their experience, ideas and knowhow to reduce, prevent and transfer cyber risk. People need to be educated and involved and take responsibility,” said Mr Volpi. Asked how much cyber risk is actually insurable, Mr Volpi pointed out that every risk is insurable if you have the necessary data to analyse the threat and, of course, provided you have a legal framework. In Italy, however, cyber extortion is not insurable because there is no legal framework to regulate this type of insurance solution. He explained that, apart from this exception, HDI Global offers industrial companies in Italy a comprehensive insurance solution in a single package called Cyber+. “The scope of cover includes own and third-party damage, including losses from business interruption – which have arisen as a result of data privacy breaches – data confidentiality breaches or network security breaches. Important additional benefits are also supplied as standard to complement risk and crisis management within the corporation,” he said. These additional services are important because rapid assistance is necessary after a successful cyberattack. Companies that have suffered a loss need access to specially trained experts whose cost is covered under the insurance claim, added Mr Volpi. He said that cyber capacity currently appears adequate in the Italian market. Italian companies mostly buy cyber cover between €3m and €10m, sometimes asking for coverage of up to €20m. “As the understanding of the risk is developing we will probably also see rising demand for capacity and rising cover. As to the level of premiums, we are currently seeing a healthy relation between premium rates and the risks that are being covered. After all, companies can transfer a large amount of their cyber risks to industrial insurers at very reasonable rates,” said Mr Volpi. Insurers can do a lot to help risk managers prevent and manage cyber risk, in Mr Volpi’s experience. He said that following a cyberattack, the approach from the first minute onwards must be focused on acute crisis management. HDI Global brings in IT forensic experts to analyse the attack, obtain evidence, determine the extent of the damage and prevent potential consequential losses. Lawyers that specialise in IT and data protection legislation can also help companies meet their obligations to provide information. Communication service providers and PR specialists help in crisis communication to limit reputational damage, said Mr Volpi. “Regular communication with customers is particularly important for cyber risks because the framework conditions and threats change and develop very quickly in this area,” he added. Mr Volpi agreed with most of those who have taken part in this year’s Risk Frontiers survey on the question of whether governments should play a bigger role in this market and perhaps create cyber pools to back up the open market. He said such intervention is not needed for now but does not rule it out in future. “In my opinion, now is not the right time to call for government interference in the cyber insurance market in Italy. We prefer to leave this to the professional market players, in other words the brokers, risk managers or general managers of the Italian companies themselves, and naturally to the insurers. Having said that, I would not rule out the possibility that we might have good reason to revisit this issue and discuss it again in the future,” he said.

Cyber risk management needs to be a ‘shared task’

Want to read this article?

Read Next

Insurers defend Nord Stream’s €400m lawsuit as act of war

Allstate posts nat cat loss of $343m for March

UAE flash flood losses manageable as insurers adapt to changing weather

New professional indemnity solutions in Australia from Markel

Generali splits insurance and asset management in restructure

Insurers defend Nord Stream’s €400m lawsuit as act of war

Allstate posts nat cat loss of $343m for March

UAE flash flood losses manageable as insurers adapt to changing weather

New professional indemnity solutions in Australia from Markel

Generali splits insurance and asset management in restructure

Want to read this article?

Read Next

Insurers defend Nord Stream’s €400m lawsuit as act of war

Allstate posts nat cat loss of $343m for March

UAE flash flood losses manageable as insurers adapt to changing weather

New professional indemnity solutions in Australia from Markel

Generali splits insurance and asset management in restructure

Related Articles