Cyber risks: stability, predictability and continuity – especially in difficult times!

In today’s world, when just about everything depends on information technology being available around the clock, the effects of a service interruption or security breach can be enormous, especially if the incident results in a total breakdown.

Nowadays, we need everything to be available instantaneously and around the clock. So, when information technology doesn’t work, companies can’t do business in the usual way and sometimes they can’t do business at all. Interruptions in service can quickly lead to considerable financial loss, to say nothing of the additional costs involved in investigating the cause of the cyber incident, or the potential damage to a company’s reputation.

The more details the better

Due to the growing number of cyberattacks, companies are more threatened than ever, which is why coverage for this type of risk is increasingly coming further into focus. Exposed sectors, such as financial service providers, the retail sector, the healthcare sector or government institutions, are increasingly requesting protection.

However, the loss experiences of the last few years and the fact that cyber risks are always changing rapidly are now prompting underwriting-oriented insurers such as Chubb to further recalibrate the risk. This means questionnaires, audits and interviews to determine the risk in the most precise way. What can sometimes be perceived by businesses as time-consuming and possibly even tiresome is, however, indispensable for insurers in view of the complexity of this type of risk.

Understanding the risk in as much detail as possible is essential in order to be able to insure it – capacity is certainly available on the market.

Creating a secure foundation

Insurance is never a substitute for comprehensive preventive security measures, but rather a necessary supplement. Everyone should be aware of this. A basic prerequisite for companies to gain access to the cyber insurance market is still an adequate level of IT security and protection.

Companies do not have to reinvent the wheel to obtain reasonable IT security, because they can adapt  to standards that have been matured over many years and can also become certified. From an insurer’s point of view, raising the awareness of employees is a key factor, as people still represent one of the greatest weak points in terms of IT security in any company.

This is not a new insight, but today it is more problematic than ever for companies, as careless actions by the workforce are the biggest gateway for viruses or hackers. Companies should place great emphasis on educating their employees to create a general awareness for cyber risks. This can be achieved by relatively simple and inexpensive measures, for example by ongoing interactive training and education.

Clarity on both sides

As cyber is a fast-paced, fast-changing risk, one of the main challenges for the insurance industry is to keep up with developments and provide new products quickly to cover emerging threats. To be able to continue to cover cyber risks, clarity is needed on both the company and the insurer side.

In addition to comprehensive, transparent risk information, clear wordings and a clearly defined risk appetite are important. This applies not least regarding systemic and accumulation risks, and the extent to which they can be insured. A precise definition of the insurability of risks is also essential for the sustainability of the insurance market, for innovative and adequate solutions.

What really matters

In the face of today’s challenging risk landscape, it is important to have reliable partners who can assess the impact of both current and emerging risks. A reliable partnership in which companies and insurers jointly face the challenges of today. It is about stability, predictability and continuity, about clearly formulated requirements, and promises.

For this, it is important for businesses and their insurers to seek dialogue, share experience and knowledge around the changing risk landscape, and thus promote a living and proactive risk management. Knowledge of one’s own risk and its management can also influence companies in their decision-making regarding risk transfer. Ultimately, the goal is better resilience of the insured and, of course, a stable, sustainable market with long-term insurance solutions.

Contributed by Chubb.