Most insurance and risk management professionals have by now heard of common cyber threats such as social engineering and phishing. However, a recent report from Aon has cautioned organizations that cyber risks can come from non-standard digital channels, including intellectual property, mergers & acquisitions, retirement, executives, computer crime, and the corporation itself.
Along with these threats, the broader cyber landscape is changing – and quickly.
“Cyber risk is only continuing to increase for organizations as more [of them] implement technology and use more data to run their business,” said Stephanie Snyder (pictured below), SVP and commercial strategy leader at Aon.
Aon’s 2019 report on cybersecurity risk focused on eight areas where threats could be coming from, but as the team looked to 2020, Snyder explained that “it became very clear to us that a lot of those eight risks that we focused on in 2019 frankly had not changed, so what we wanted to do for our 2020 report was help organizations better understand less appreciated cyber exposures.”
While many of the same risks remain front and center, the Aon group spent time talking to experts across its different practice groups, “because cyber risk is so ubiquitous and it has so many different tentacles that touch organizations when it comes to technology and data,” said Snyder. “In 2020 when it comes to cyber risk, expect the unexpected. I think that has held true and it continues to hold true as we come into the new year.”
In this context, provider of insurance education The Institutes has designed and updated its courses on cyber and data analytics, including “Managing Cyber Risk,” “Risk and Insurance Analysis Techniques” and its Associate in Insurance Data Analytics (AIDA) program, to better reflect the trends that insurers and insureds need to be aware of.
On the data front, the explosion of new types of data, increased computing power, and new ways of analyzing data brought about by the computers that are more powerful and less expensive is changing the property and casualty insurance business, said Michael Elliott (pictured top), a senior director of knowledge resources at The Institutes.
“We see the rise of insurtech start-ups and they are leveraging these new technologies, data, artificial intelligence, and so forth to get closer to their customers, to have more efficient processes, and to offer new types of products,” he continued. “We recognized that we needed to do a course on data analytics, so we have put in there a lot of the new types of analyses that are being done. We also explain data driven decision-making as well as data science and basic modeling concepts. We feel that it’s very important for claims, underwriting and risk management for people to understand the terminology of data analytics and to be able to work with data scientists, and that’s the objective of our AIDA program.”
The recent updates also put more emphasis on artificial intelligence and machine learning as well as robotic process automation.
Meanwhile on the cyber side, there were two key drivers for why it was important for The Institutes to update the related courses.
“This is probably the fastest changing area that we try to cover in risk management and insurance, and it’s moving so quickly and the nature of the risks are evolving at the same time,” explained Marty Frappolli (pictured below), also a senior director of knowledge resources at The Institutes. “If we had the means and the resources, we could update this program on a monthly basis.”
Another underlying reason to update the courses is that cyber is still a relatively new exposure and there isn’t a ton of data about it yet, making risk management a top priority.
“In relation to risk management and insurance in general, we are seeing the beginning of a shift in the way that participants respond,” said Frappolli. “We are seeing a shift in the marketplace and not specifically just with cyber risk, but with risk in general as new technology, Internet of Things, and sensors are allowing for risk management that is going to reduce the need for insurance while growing the need for people who are savvy in managing risk.”
The risk management component is especially crucial in the cyber discussion seeing as many experts view breaches as an inevitability for organizations. And even though it’s new and scary, the approach you can take to managing cyber risk is to follow the same pattern you might with managing much more conventional risks like fire or auto liability, added Frappolli.
The Institutes’ data and cyber courses are sure to be updated in the future as these fields continue to evolve at a rapid pace.
Added Elliott: “When we first came out with [AIDA] in 2016, the insurance companies were just starting to accelerate their efforts in this area. In the last couple of years, we’ve seen a tremendous amount of many new projects, and insurance companies largely embracing the cloud now, which before they weren’t, so we’re seeing a lot of changes that we need to keep up with.”