Gallagher is calling for a holistic and proactive approach towards cybersecurity and cyber resilience as cybercrime is rapidly increasing in frequency, scale, and sophistication.
According to Gallagher, one in three cybersecurity events are down to human error – with email being a major target of cybercriminals. As a result, companies' boards of directors and senior management are expected to understand cyber risks, address them through their risk management framework, and create business continuity and disaster recovery plans with cyber breaches in mind.
IT teams do not always find cyber insurance necessary because of the tools and processes they have in place, but Gallagher has emphasised that cyber insurance helps not only cybersecurity but also cyber resilience.
“From the insurers' perspective, premiums are increasing because it's a risk that's complex and difficult to assess, and consequently, the reinsurance market is contracting. Therefore, to minimise premium increases and keep policies available, businesses need to demonstrate a robust, proactive, and continual approach to risk management,” said Gallagher cyber/tech practice leader, Robyn Adcock, and client manager for professional & financial risks, Alberto Piccenna.
“Insurers and underwriters are clearly saying cyber is only covered under cyber insurance, and will no longer be covered under PI or public liability, so businesses need specific cyber cover for contractual, regulatory, and compliance purposes,” the pair added.
As cyber risks increase substantially amid the COVID-19 pandemic, Adcock and Piccenna emphasised the importance of a continual education program for employees, in addition to having the right software, systems, and processes.
“This should include regular testing – including sending ‘spoof’ phishing emails to staff to assess where weak points in the chain may be,” they continued.
“The challenging thing with cybercrime and, therefore, the cybersecurity and resilience measures businesses have in place is that cyber is not set and forget. It's a never-ending, continual journey that doesn't have a destination.”