COVID-19 and cyber risk: a front and center issue for organizations

COVID-19 and cyber risk: a front and center issue for organizations | Insurance Business

COVID-19 and cyber risk: a front and center issue for organizations

At the start of the COVID-19 pandemic, many organizations had to rapidly pivot from work in the office to a fully remote structure. While some were well prepared and able to accommodate such a shift, others were scrambling, increasing cyber security risk. The concern for insurance companies was how easily these companies were able to transition and whether they were able to do it securely.

Register now: Find out more about cyber risk and COVID-19 at our free virtual event

“Employees tend to be the weakest link, especially with the added disruption and distractions,” said Stephanie Snyder (pictured), senior vice president and commercial strategy leader at Aon. The disruption being the pandemic, and the distractions being working with kids at home, e-learning or trouble transitioning to a new way of work.

The pandemic has created a whole new level of uncertainty around cyber security. From a cyber insurance standpoint, Snyder says the market began hardened through the first quarter of 2020 as a result of technology error and omission (E&O) losses over the past several years and a more recent increase in the frequency and severity of ransomware attacks.

This has forced insurers to take a hard look at their pricing, capacity, and retention programs. Now, insurers must also consider the uncertainty presented by the pandemic and the potential for increased claims because of the vulnerabilities that have been introduced with a fully remote workforce.

“COVID-19 is accelerating the transition of the cyber insurance market into hard market conditions, where we are seeing premium increases become more of the norm,” she added.

The COVID-19 pandemic may prompt a lightbulb moment for a lot of organizations that cyber security risks should be front and center. As companies become increasingly reliant on technology to run their business, it should raise questions as to what happens if that technology fails. Cyber insurance acts as a backstop to be able to protect organizations from a system failure standpoint, yet less than half purchase a standalone cyber policy.

Snyder says given the fact that COVID-19 has forced so many companies to focus on the technology infrastructure that runs their business, she expects it will bring out new buyers. While it’s too early to identify any claims trends at this point, Snyder says Stroz Friedberg, an Aon incident response solution, has picked up on some early patterns that could filter into the claims process.

“We are still seeing steady ransomware attacks and what’s interesting is that the incidents are taking companies longer to respond to because companies are more widely distributed while working remotely,” she said. “What I anticipate from that is larger losses because of outage times being longer as companies try to get back up and running.”

As organizations emerge from lockdown, there is another concern that vulnerabilities that occurred while teams were working remotely may only be recognized on their return, which presents a lot of uncertainty around potential claims.

Cyber insurance has typically been a competitive market with new insurance carriers coming in and driving down overall rates and expanding coverage, but Snyder says with the continued frequency and severity of tech E&O claims and the added question mark of COVID-19, carriers are re-evaluating how much capacity they’re willing to put up.

Stephanie Snyder will be joined by a panel of industry experts at the IB Virtual Event: Broker Connect Cyber, which will discuss the impacts of the COVID-19 pandemic and how brokers should set themselves up for success in the ‘new normal.’ To register for the event, click here