Brokers and insurers must raise cyber awareness
According to Cristina de Uriarte Chávarri, director of financial lines and international business at Concentra Grupo, the Madrid-based member of European Risk Frontiers sponsor Worldwide Broker Network, responsibility for cyber should fall into the hands of the many, rather than the few.
“To forestall and mitigate risks derived from a cyber event, prevention is required, so the whole company has to be aware of what the use of the internet entails and the ways there are to minimise cyber risks. Education at a general level is key,” she said.
To maximise security breach prevention, all employees must be trained on protocols and security procedures that help “close the door” to uninvited guests, said the broker.
Ms Uriarte Chávarri added that it is also important staff are informed of current threats, hacker trends and claims, so they understand that cyber risk not only affects large enterprises, but also medium-sized and small companies.
“The board of directors is legally responsible for the management of the risks the company undertakes, so has ultimate responsibility. But that responsibility must be shared down to the last individual employee. For the protection to work properly there has to be a feeling of accountability across the organisation,” she explained. The broker argued that risk managers clearly have an important role to play when it comes to cyber risk, but they must work with the data protection manager and other areas such as IT, legal, compliance, operations and HR.
Ms Uriarte Chávarri said that, in her view, brokers and insurers still have a big job to raise awareness about the reality of cyber risk.
“In our experience, there is still not enough awareness within clients that these risks are daily, seriously affect companies of all sizes and are increasingly sophisticated,” she said.
“We brokers should raise the subject to current and potential clients, so that at least they consider including some cyber risk assessment and protection in their programmes. We can also assist in the identification, prevention and implementation of solutions,” added Ms Uriarte Chávarri.
The broker said no official statistics are available about the take-up of cyber insurance by Spanish companies, but explained that it is clearly on the rise.
“We have not seen official data about the percentage of Spanish companies covered. But the trend is for larger public corporations to purchase, or at least contemplate the purchase of, cyber risk insurance. Financial institutions and healthcare institutions are also buying protection because of their high vulnerability,” she said.
“Carriers are telling us it is a market sector that is increasing at a very fast pace, but there is no data. What we can see as brokers is that clients are showing an interest and many are asking for quotations, but they are not yet including this coverage as a must, like property or casualty policies,” added Ms Uriarte Chávarri.
Ms Uriarte Chávarri said that, in her view, some insurers could improve their wordings to more clearly establish the terms, conditions and scope of cyber coverage.
“There is some confusion with certain products. In other cases, it is not clear how deductibles work, since many of the policies are a combination of first- and third-party liability products, and deductibles apply for each coverage,” she explained.
The good news is that Ms Uriarte Chávarri said she has seen certain insurers accept the fact they cannot handle this risk alone and have therefore established partnerships with IT providers, lawyers and PR firms to provide the service customers need.
“This one-stop shop and pre-approved panels should really help the client take a holistic approach to deal with a security breach when it occurs,” she said. Ms Uriarte Chávarri believes there is adequate cyber risk capacity in Spain for the time being, supplied by both national and international carriers.