Cyber risk - Management needs to act

Cyber risk - Management needs to act | Insurance Business

Cyber risk - Management needs to act

The following is an opinion piece written by Michael Klitvad (pictured), CEO of HDI Global Denmark. The views expressed within the article are not necessarily those of Corporate Risk and Insurance.

The World Economic Forum (WEF) in Davos is focusing on cybercrime which costs industries more than 1.300 billion euros annually according to Mr Orting, head of the new WEF Centre for Cybersecurity.

Companies and the public sector have to do more to counter and protect themselves against cybercrime as the bad guys can cause harm in many ways. Yet, many management teams hesitate to act and to insure against the risk. Many management teams seem to hope it won’t be so bad or it’s the company next door which is a target.

An interruption of a business could cost four million euros a day for a company with a turnover of one billion euros (and with 250 working days a year). After two weeks the loss becomes 40 million euros. This is a risk which the board and the management has to be ready to accept without any cyber insurance.

In terms of financial losses, cyberattacks can be as devastating as fire. Therefore, it makes sense to approach cyber risk in the same way as you deal with other risks like a fire. What is the risk? How can we protect and prevent it? When to call the fire brigade? Do we need 12- or 24-month coverage for business interruption losses?

Risk management means prevention first, and insurance to cover the rest.

Cybersecurity starts with analysis and preventive measures. It is the ‘fire brigade’ that secures a first response from experts and system recovery, plus coverage for business interruption losses.

Mr. Orting states that cybercrime is the most risk-free type of crime today. It is the bad guys looking for the weakest animals in the herd - which is the easiest target, and which will deliver the highest profit/ROI?

In order to not be the easy target, management must act. For their own sake.

We need a much higher attention to risk and more action in order to guard against cybercrime. As a start the board and the management must understand and take measures to limit liability. Secondly, they must make sure insurance is in place to cover what risk is left.