Cyberattacks are inevitable say UK CEOs - what are the implications for cyber insurance?

KPMG UK has published a report on UK business leaders who demonstrated that four in 10 UK chief executives think that a cyberattack in their company is inevitable. Keith Stonell, managing director, EMEA, in Guidewire Software commented about those findings and also the role the insurance industry should take to help British firm decrease the risks of cyberattacks:

It's crucial to be aware that although a cyberattack could possibly be considered inescapable, cyber criminals might not be targeting particular businesses. If they're targeting a business, or some other potential goal, people who have the weakest cyber protection is going to be the low hanging fruit. Because of this, we expect significant increase in the cyber insurance marketplace, in addition to other prevention approaches, and UK CEOs are verifying this by stating it's now a case of'if' compared to'if' they will endure a cyberattack.

We feel that consumer information is a significant advantage for businesses however, despite specialized interventions like GDPR, it's evident that lots of CEOs still don't register to this point of view that client information security is an integral prerogative for long-term development. Guidewire sees a tendency towards customers contemplating their private data to be valuable as physical possessions, and this getting more widespread across the customer foundation we anticipate a bad duty of care of customer information could result in substantial reputational injury, damaging expansion for businesses.

A point to stress is that insurance companies will need to find better methods to comprehend cyber dangers so that products which directly meet the demands of customers may be developed. Modelling cyber threat is difficult in comparison to other risks. We see three underlying reasons for it:

Insurers have traditionally constructed hazard models which rely on authoritative suppliers of information, like the United States Geological Society (USGS) for earthquake threat, or the National Oceanic and Atmospheric Administration (NOAA) for hurricanes and tropical storms. For cyber threat, there's absolutely no authoritative source of information that may provide a big, wealthy data-set for design creation. The world wide web is spread by nature and is becoming more complex as new technologies emerge. The threat landscape is constantly evolving and changing.
The next challenge in developing a cyber hazard version is analysing people and procedures along with engineering. Let's be fair, most cyber occurrences possess an individual component related to them. A fantastic percentage may be caused or assisted by disgruntled insiders, who often have valid access to the information being changed. Another large element is mishaps or mistakes like clicking on a link, or naively giving up info that may result in unauthorised access.
And ultimately, the insurer demands an economical model around cyber threat. The cybersecurity business is awash in metrics, benchmarks, scores, and evaluations. Regrettably, all these are rather tangential to the crucial question: just how much harm could a cyber occasion do?
For the insurer to react to business requirement for superior cyber insurance programs, they will need to unite data science, cybersecurity, and economics into a single analytics system which quantifies the financial impact of cyber threat. This needs a radical approach to how insurance companies use info listening and AI to produce the ideal versions for monitoring dangers which are extraordinarily dynamic.

The previous article was an opinion piece written by Keith Stonell, managing director, EMEA, in Guidewire Software. The opinions expressed within this article aren't necessarily reflective of the of Insurance Business.