How insurers need to change as cyber threat evolves

Insurance industry will also play a vital role in mitigating the threat for its clients

How insurers need to change as cyber threat evolves

Cyber

By Bethan Moorcraft

Technology and digitalization are now major players in global business and operating models. As companies increase their technological footprint and expand their digital strategy, they become increasingly vulnerable to cyber-related risk and potential data breaches.

Cloud-based technology and the ‘internet of things’ all have cybersecurity implications that need to be addressed with meaningful products, solutions and strategies, according to Tracey Malcolm, leader of the Future of Work practice at Willis Towers Watson.

Search and compare insurance product listings against Cyber Attack from specialty market providers here

“The way organizations need to address cybersecurity is changing,” Malcolm told Insurance Business. “They’re moving from a technical, execution-focused space to a prevention-focused mindset, which requires much more planning and consultation at the offset.

“The insurance industry is increasingly moving into the Cloud in terms of its overall IT architecture and engineering approach. They’re offering more Cloud-based and mobile or application-based solutions to clients, so without question, they’re needing to address a new cybersecurity reality.”

As well as acknowledging the evolving cybersecurity space internally, the insurance industry is also a key player in helping clients become cyber-savvy and mitigating cybersecurity issues within insureds’ organizations.

One of the more compelling decisions a company must make is whether its cybersecurity lives inside or outside of its internal IT division, according to Malcolm. There are different decision factors in play that insurance brokers need to understand before advising their clients.

“An organization might move their cybersecurity away from their IT division in order to get a better line of insight and an increased focus on information security,” said Malcom. “They might want to improve their service delivery and overall governance around data protection, and so having cybersecurity as a separate entity might be helpful for management purposes.

“Sometimes, organizations will fold cybersecurity back into their internal IT division so that there’s better integration with IT, where the predominant skills lie in architecture and engineering, penetration testing and incident response. Internal talent sharing between IT and cybersecurity divisions could help an organization to address cyber issues more efficiently.”

A major issue in the cybersecurity realm is a widespread lack of skilled cybersecurity workers, according to Malcolm. There are ways to address this problem through pre-emptive talent acquisition, onboarding and outsourcing.

“Insurance brokers need to tell their clients to get real. The specialized recruitment process is taking longer than ever, with some critical cybersecurity roles taking between six and 12 months to fill,” Malcolm commented. “One of the things we’re encouraging our clients to do is think about pre-emptive talent acquisition. Organizations need to start sourcing the talent pipeline earlier and keep it regenerated.

“They can also look for skilled workers in alternative, non-traditional areas like law enforcement or government agencies that often have robust training programs around auditing, insight, threat intelligence and risk management. Another business strategy would be to look internally at the idea of talent sharing between divisions.”

Hybrid cybersecurity roles can be hard for businesses to fill. Insurance brokers need to be helping clients understand the benefits of hybrid roles and the preventative perspective of cybersecurity regardless of the size of the organization, said Malcolm.  


Related stories:
Cyber-attacks on cloud services “accelerating”
Why it’s not just criminal cyber breaches you should warn your clients about

Keep up with the latest news and events

Join our mailing list, it’s free!