Nikita Naicker | Underwriter | PI Tech & Cyber | SHA Risk Specialists | mail me |
These are times of unprecedented change and disruption. New technological innovations and geopolitical events are just two of the major catalysts of change in the landscape of risk.
In times of volatility, businesses are often faced with increased risk exposure, with opportunistic cybercriminals at the ready to exploit vulnerabilities and take advantage of loopholes. For insurers and their clients, now is the time for constant vigilance and proactiveness in mitigating these risks.
AI-induced vulnerabilities
Touching on some of the biggest trends in the cyber risk arena, one would be remiss to acknowledge that despite the many opportunities and efficiencies that artificial intelligence (AI) has introduced to the world of business, its emergence also represents a substantial risk.
Cybercriminals can use AI to better disguise their attacks and manipulate their victims into falling prey to social engineering attacks. Also, more and more corporates are becoming reliant on AI to streamline their operations. However, with the technology being relatively new, the risks are yet to be fully understood, which makes business more susceptible to cyber attacks. As a specialist risk insurer, we anticipate, that AI will have a medium to high impact on the risk landscape in the near future.
With the emergence of AI, which can enable criminals to generate and modify content to look legitimate, the threat of fake news and misinformation has also become more pronounced. Likewise, the increasing use of data, video, voice, and biometric technology also represents a growing threat of data leaks and theft. Companies now have an even greater responsibility to protect themselves from the financial and reputational risks related to misinformation and data breaches.
A turbulent geopolitical climate
Further afield, geopolitics also poses a substantial risk to businesses on both the global and local fronts. More than sixty countries this year will be running presidential elections. This creates an opportunity for cyber syndicates who have vertical connections and monetary incentives to support threat actors in their planned cyber incidents into stealing confidential information for executing cyber sabotage.
In addition, ongoing tensions throughout Europe and the Middle East is likely to intensify the impact on businesses in terms of risk. The economic status and accessibility to resources within nation states such as Russia, North Korea and Iran have global influence. Any developments in these key countries will have a ripple effect on the rest of the world – particularly the developing world.
For South African businesses, these events should signal an all-important call-to-action to tighten up cybersecurity measures and to invest in adequate insurance cover as a much-needed failsafe.
Trends in cybercrime
Some of the most noticeable developments in cybercrime include an increase in ransomware threats. Over the past year threat actors have evolved with diversified extortion methods thus increasing the number of attacks significantly.
Furthermore, business email compromise has become increasingly concerning within the corporate landscape. Through sophisticated social engineering methods, the use of AI and honest human error, threat actors have been highly successful in gaining access to corporate networks using business email compromise. Unfortunately, identifying fraudulent interactions which are baited by these threat actors is extremely difficult to recognise.
Big corporations with operations whose functionality and networks are interconnected, are also regarded as high-risk. Within these environments, cyber-attacks can take the form of threat actors gaining access through the vulnerabilities of service providers or vendors networks which are connected to a client’s network. Once the threat actor has gained access to the corporate network, the exposure to loss is imminent.
The second type of supply chain attack can occur in organisations that have not segregated their networks between various divisions. Should a threat actor gain access to a division wherein the vulnerability lies, they will be able to gain access to the rest of the organisation’s network through said exposure point.
The responses of a resilience insurance industry
Despite an increase in claims experiences globally, the local specialist market remains stable and competitive due to an increase in the supply of capacity. In the near- to long-term, this will likely result in insurance products being expanded, leading to the removal of ransomware sublimit, for example. An increase in business email compromise incidents has also seen an uptake in cybercrime extensions within the policy.
One of the positive trends from an underwriting and risk management perspective is seeing clients adapt to AI technology as a defense mechanism against cyber threats. In the long run, this can contribute to an improvement of a client’s risk profile and ultimately, the sustainability of the cyber insurance market.
We are continuously embracing technology to enhance data analysis, risk assessment and to automate our underwriting processes. As insurers, we also have access to experts within the field. Our aim is to raise awareness around the cyber risks that exist and the solutions that cyber insurance provides to combat this.
Selling cyber insurance is therefore not our sole focus – we understand our important role in sharing knowledge and educating the market about cyber security.
Related FAQs: Cyber insurance risk management
Q: What is cyber insurance and how does it work?
A: Cyber insurance is a type of insurance designed to help businesses manage the financial risks associated with cyber incidents. It typically covers costs related to data breaches, cyber extortion, and business interruption caused by cyberattacks. Cyber insurance works by providing financial coverage for losses incurred from these events, allowing businesses to recover and maintain operations.
Q: Why is cyber insurance important for businesses?
A: Cyber insurance is important because it helps businesses mitigate the financial impact of cyber incidents. With increasing cyber threats, having a cyber insurance policy can provide peace of mind by covering costs related to data recovery, legal fees, public relations efforts and potential liabilities from affected customers.
Q: What types of risks does cyber liability insurance cover?
A: Cyber liability insurance typically covers risks such as data breaches, cyber extortion, business interruption and reputational damage. It also addresses the costs associated with legal liability, notification of affected individuals and credit monitoring services for compromised personal information.
Q: How can businesses qualify for cyber insurance?
A: To qualify for cyber insurance, businesses usually need to demonstrate that they have implemented robust cybersecurity measures, including a risk management plan, security audits and employee training. Insurers may also evaluate the business’s IT infrastructure and overall cyber risk exposure before providing coverage.
Q: What are the key components of a comprehensive cyber insurance policy?
A: A comprehensive cyber insurance policy typically includes coverage for data breaches, cyber extortion, network security failures and business interruption. It may also encompass legal defense costs, regulatory fines and costs associated with public relations to manage reputational damage.
Q: Can cyber insurance help businesses recover from ransomware attacks?
A: Yes, cyber insurance can help businesses recover from ransomware attacks by covering the costs associated with the attack, including ransom payments, data recovery and any business interruption incurred. However, the coverage details can vary by policy, so it’s important to review the specific terms.
Q: What should a business include in its risk management plan for cyber threats?
A: A risk management plan for cyber threats should include a thorough assessment of potential vulnerabilities, implementation of security measures, employee training programs, regular security audits, incident response plans and coverage through cyber liability insurance. This holistic approach can significantly reduce cyber risk.
Q: Are traditional insurance policies sufficient to cover cyber risks?
A: Traditional insurance policies often do not provide adequate coverage for cyber risks. Businesses typically need specialised cyber liability insurance to address the unique challenges posed by cyber crime, including data breaches and cyber extortion. Cyber insurance policies are tailored to cover these specific needs.
Q: What kind of financial losses can be covered by cyber insurance?
A: Cyber insurance can cover various financial losses, including costs related to data recovery, legal fees, regulatory fines, business interruption losses and expenses incurred for public relations to mitigate reputational damage. The specific coverage will depend on the terms of the cyber insurance policy.