“Most companies do not understand the cyber risks they face today, ” says Robin Kroha, director of corporate security management at HiSolutions AG in Berlin and one of the Market magazine panellists. “Risk management is still conducted along traditional lines.” Whether it’s via an email leak, stolen laptop or network-crippling virus, cyber threats are now at an unprecedented scale, targeting intellectual property and commercially sensitive data of thousands of companies large and small.
Credit-checking agency Experian recently announced that more than 20 million items of personal data were illegally traded by criminals on auction-style black markets in the first half of this year. The most prevalent form of identity theft is account takeover, but criminals are increasingly setting up fraudulent accounts in users’ names.
Yet despite the alarming financial and reputational consequences of data breaches, many businesses across Europe have yet to adequately address their risk-management strategies.
A recent poll at Marsh’s annual Communications, Media and Technology conference supports this lack of preparation. While 69% of businesses said their concern about cyber risk had increased during the past 12 months, just 21% of delegates said their organisation had purchased cyber insurance cover. Only 11% felt confident that their current cyber-insurance met their organisation’s needs.
New laws, new opportunity
Along with this increased threat and low awareness, businesses also need to factor in the introduction of new EU data-protection legislation in 2014 that will make it compulsory for European organisations to notify clients or customers of any data breach.
What is clear is that businesses need to act – and quickly – to better protect themselves. And a more engaged dialogue with the insurance industry is a crucial factor in facilitating this.
In the US, where data-breach reporting is compulsory, the insurance industry is already helping companies navigate a breach crisis. In fact, the legislation has been one of the main drivers for US companies to purchase cyber insurance. Brokers and insurers have been able to explain the threats, assist companies with improvements to their business security and offer insurance products that reflect the range of new risks. These products cover new areas such as reputational damage.
Lloyd’s takes the lead
Already at the heart of 21st century risks, insurers and brokers at Lloyd’s can help European companies understand where their security provision may be deficient, as Graham West, Lloyd’s General Representative for Switzerland and Country Manager, Switzerland, explains.
“As well as providing innovative risk-transfer solutions, there is a role for Lloyd’s in educating the market and raising awareness of the risk among clients, ” says West, who also takes part in the Market magazine feature. “Lloyd’s is able to adapt existing cyber products, such as those developed for the US market, and apply them to the particular needs of EU countries. It’s also important to emphasise the role of the broker, in advising clients and adapting policies.”
Cyber threats pose too great a risk to be underestimated or misunderstood. There is a clear call for the insurance industry to engage with businesses to ensure they are provided with appropriate risk solutions.
Businesses need to avoid the misconception that cyber crime won’t happen to them, because it can and probably will.
(source: Lloyd’s website news)