Deloitte advises insurance on how to tackle cyber risks

By Joanna England
As our world becomes increasingly digital, cyber attacks are the next big threat and challenge globally...

As our world becomes increasingly digital, cyber attacks are the next big threat and challenge globally.

According to a statistical survey by Purplesec, cybercrime is up 600% in the US as a direct reaction to the COVID-19 pandemic. To put that in perspective, in 2018, there were 80,000 cyber-attacks per day, or over 30 million attacks per year in the US alone. 

This phenomenon not only poses a huge threat to businesses, it also causes a quandary for insurance companies too, which are responsible for underwriting the damage caused by an unexpected cybercrime.

While traditional insurance companies have resisted the move to digital servicing compared to other industries, their transition period has been accelerated because of the pandemic. A new report by Deloitte looks at how senior insurance executives are managing the numbers of claims relating to cyber-attacks, and solutions for dealing with them both in-house and through new claims.

Taking a holistic view of the industry threats, identifying and managing online security is the first challenge. Deloitte pinpoints areas of vulnerability companies face, ranging from consumer protection, absent exclusions (where cyber risks trigger claims on policies) and silent cyber risks. 

Firms must also look within their own structures to determine whether they are cyber secure, or whether their own procedures are leaving them open to online attacks. 

One of the challenges of preventing cyber-attacks is that there is not a one-size-fits-all solution. Every firm has different structures and operational methods and, therefore, different areas of vulnerability. The report suggests forming a team of experts to manage and troubleshoot digital platforms. 

Claiming for a cyber attack

Identifying and managing silent cyber risk through claims in the insurance industry requires expertise. Many firms requesting claims will not even be aware of some of their breaches, the report points out. Indeed, managers and supervisors must “identify, quantify and manage their cyber exposures in line with regulatory expectations.”

The report also looks at performing analytical tests to track data risks and manage tail risks. Firms are advised they will have to demonstrate effective handling of sensitive data and security systems. 

However, because the frequency and development of new cyber-attacks are so regular, insurance firms may have to insist on bottom-up assessments of a company’s firewalls and digital platforms, to assess how responsible they themselves might be for an attack and what potential payouts would be under-written in the event of a damaging breach.

Demand for new products

Furthermore, the tradition of reinsuring is cheaper than buying into a new policy. But, as the goalposts of cyber warfare are constantly changing, digital security is an area that requires regular assessments. 

Deloitte advises that firms carefully examine the types of damage that cyber-risks pose to insurance customers and how best to tackle those pay-outs in the event of a breach. 

Because of the vast number of cyber attacks that happen, the different levels of damage they cause, and their complexity, it’s essential that insurance firms form a strong criterion within which compensation will be paid or rejected. 

The solution

Deloitte refers to a management strategy, devised by its experts, that insurance companies can adopt. Called the Deloitte Cyber Incident Response and Breach Management System, it comprises a team of experts ready to be deployed in the case of a security breach that requires repair.  

The study also points to companies carrying out regular ‘stress tests’ to monitor the strength of their existing security features and expose new vulnerabilities. 


Featured Articles

How will blockchain technology reshape the insurance market?

Blockchain has the power to completely transform insurance, but are business leaders on board and how do we unleash its full potential?

Karen Lynch: Blazing a trail for the Health insurance sector

Karen Lynch is the President and CEO of CVS Health – a leading US health insurance provider. In 2021, she was the top ranking female CEO in the Fortune 500

Top 10 insurtech incubators and accelerator programmes

These are the biggest insurtech-related incubator and accelerator schemes, which all have proven track records of nurturing promising insurtech startups

InsuranceDekho raises US$150mn in Series A funding round


Could insurance technologies save more lives in earthquakes?

Technology & AI

Capgemini's Samantha Chow talks changes in Life insurance