Cyber insurance should go hand in hand with cyber resilience

Zurich head on why it's not just beneficial, it's imperative

Cyber insurance should go hand in hand with cyber resilience



In an era where digital technology permeates every facet of life, understanding the cyber landscape is not just beneficial; it’s imperative. Insurance Business spoke to Michelle Chia (pictured), head of professional liability & cyber at Zurich North America, to delve deeper into this evolving terrain.

“The rise in digital technology use over the past five years has been exponential,” Chia said, setting the stage for a discussion on the balance of benefits and risks brought about by this technological boom. She reflected on how the rapid adoption of digital solutions had improved communication and productivity but also increased vulnerability to cyber threats.

“When I first started, the cyber insurance industry was really small,” she explained. “I mean, consider how many people had iPhones – a small, small percentage. If we extrapolate that to today, almost everyone has a smartphone – and risk appetite was very broad in terms of quality and in terms of diversity.”

How insuring cyber risks has changed

Chia noted that, initially, insuring cyber risks relied largely on simple metrics like company revenue and industry type. Over time, however, this approach has evolved to become more nuanced, considering the intricate and dynamic nature of cyber risks.

“Today’s risk selection is much more sophisticated, reflecting the complex web of cyber threats we face,” Chia added.

Highlighting significant cyber incidents at renowned corporations, Chia pointed out how these events influenced the industry’s understanding of cyber threats. She specifically mentioned the ransomware epidemic as pivotal, underscoring the need for comprehensive strategies to counter such high-impact cyberattacks.

“Cyber insurance should go hand in hand with cyber resilience,” said Chia. “Risk management, cyber or otherwise, is based on a couple of fundamental pillars. One of them is resilience –  from a cyber perspective, using cyber security tools, how well does an organization detect, protect, respond and recover from cyber events?”

Zurich’s approach to cyber insurance

Speaking on Zurich’s initiatives, Chia highlighted the early establishment of its cyber risk engineering team. This team goes beyond traditional underwriting to deeply analyze and offer guidance on the technical aspects of cyber risks.

“Our approach includes a comprehensive assessment of risks and offering tailored recommendations,” she explained, emphasizing the team’s role in enhancing customers’ organizational cyber resilience. And advocating for regular cyber drills, Chia compared them to fire drills in terms of importance.

“Just as we prepare for fire emergencies, we must be equally diligent in training for cyber incidents to ensure swift and effective responses,” she advised.

Discussing the intersection of cyber and professional liability, Chia elucidates the complexity of integrating these insurance domains. The decision to combine these into one insurance solution in the US market, she explained, varies based on multiple factors, including the specific needs of the organization and the nature of the risks involved.

Why managing cyber risks is so important

Her engagement with government bodies, including Congress and the Departments of Defense and Treasury, highlights the importance of public-private partnerships in managing cyber risks. “Our discussions focus on resilience, emphasizing collaborative efforts in addressing cyber threats,” Chia said.

Addressing the challenge of unquantifiable systemic cyber risk, Chia pointed out the limitations of traditional insurance models in dealing with such risks. “These elusive risks, unpredictable in their regularity and magnitude, call for a reimagined approach to risk management,” she noted, advocating for a synergistic approach involving both public and private sectors.

As the conversation unfolded, Chia reflected on the future of cyber risk management. She underscored the importance of cybersecurity awareness and education, using the analogy of skydiving to highlight the necessity of being prepared for and understanding cyber risks before they materialize.

“Cyber resilience is critical for the domestic economy, for the global economy and its stability,” said Chia. “There are a lot of things that can be done and resources out there to help understand what can be built now compared to years ago. And there are organizations that are here to help.”

As digital technology itself and the manner in which society uses it continue to evolve, so too must our strategies for managing the risks it brings. We all need resilience, preparedness, and collaborative efforts in facing the cyber challenges of today and tomorrow.

“Zurich was one of the first, if not the first, organization to stand up a cyber risk engineering team,” said Chia. “Initially, this cyber risk engineering team was able to assess and evaluate risk beyond an underwriting perspective – really technical, nuanced details to understand the differentiation between a great risk, a mediocre risk and an OK risk.

“We have the ability to provide people, process and technology recommendations – improvements by way of solutions. It’s very exciting that we preach resilience and we also provide organizations those tools to be resilient.”

Related Stories

Keep up with the latest news and events

Join our mailing list, it’s free!