Cyber risk insurance will be one of the biggest challenges facing the international insurance industry according to an expert at Ernst & Young.
Shaun Crawford, global head of insurance at Ernst & Young, sees cyber risk as one of one of the biggest challenges to the insurance market in 2015.
“Cybercrime is a moving beast, making it impossible to quantify the risks neatly or to calculate them in an informed or consistent manner,” said Crawford. “With so much unknown, it’s not surprising that premiums are wildly different across the market, and without cross-market stability, the industry will most likely be operating on significant indemnity losses."
Crawford believes that insurers the world over will soon wake-up to the cyber risk market but sees the short-term as a difficult transition for insurers.
“It will no doubt be a matter of time before insurers simply refuse to accept the undefined transfer of risks,” he said. “But, in the short term, it is likely that they will start to demand evidence of adequate cyber risk controls from businesses that demonstrates they are taking cybercrime seriously and are taking the necessary steps to avoid opening themselves up to attack. This will present a whole new problem of benchmarking what does and does not constitute ‘adequate control’, which could put a spanner in the works, and result in cyber risk effectively being incompatible with the insurance model.”
Cheryl Martin, partner in financial services cyber and IT risk at Ernst & Young, warned businesses and insurers alike that, without a detailed mitigation and insurance plan, cyber risk can have disastrous effects. (continued.)
#pb#
“In the last decade financial services firms in particular have woken up to the dangers that cyber can pose to their business,” said Martin. “Many firms have built cyber risk into their business model, but there are still too many which have bolt-on functions that simply cannot be expected to effectively manage the potentially catastrophic risk that cybercrime represents. It is clear that firms need a dedicated risk function, with a direct line into senior management.
“Attacks are now coming from all angles. They are growing in sophistication and in their potential to do damage, and firms need to understand the importance of integrating risk into their business as a priority.”
