EY - Insurance: Insights into cyber security and risk

Insurance: Insights into cyber security and risk

  • Share

What insurers need to know to achieve information security and mitigate risk

Like other sectors, the insurance industry is under constant attack as cyber threats become more pervasive, persistent and sophisticated. Therefore, insurers must develop systems and processes to protect against data breaches and the loss of intellectual property.

But unlike companies in other industries, insurers must gain deeper understanding of cyber risks if they are to underwrite, price and service cyber liability policies. Such policies are evolving to include not just technology providers, but all organizations that collect, store and process data from their customers.

This two-part series examines the challenges insurers face along two primary dimensions: cyber security and risk management.

Part 1 highlights the essential elements for cyber security, including:

  • Proactive security strategies to address and manage proliferating cyber threats
  • Data integrity – the ability to independently prove what happened in a digital infrastructure, determine the impact of a security incident and distribute the liability for a data breach
  • Security challenges relative to big data and the need for robust analytics capabilities to address them.

Part 2 focuses on the risk aspects of cyber liability insurance, including:

  • The correlation of cyber risks to enterprise risk management, including risk modeling and transfer
  • Exposure related to data breaches, but also risks associated with supply chains, emerging digital technologies and rapid-growth markets
  • The impact of cyber risks on reinsurers
  • The emergence of cyber captive insurance
  • Cyber liability regulation and rating

To mitigate cyber risks, insurers must:

  • Accept that all insured infrastructure is a target, with the highest value assets the most frequent targets
  • Remain alert to changing trends and emerging threats within the market and ensuring that policy terms and conditions do not increase exposure
  • Consider a cyber risk center of excellence approach that extends across customer, risk-centric and financial activities.

The way forward for insurers

There are both near-term and long-term actions for insurance companies seeking to establish cyber security, including:

  • Develop and implement a long-term, enterprise-wide security program,
  • Invest in cyber security and work to demonstrate the value of those investments
  • Examine keyless signature infrastructure as a means to enable auditability
  • Implement solutions to monitor and report on the effectiveness of security programs
  • Embrace a “management by data analytics” approach for risk assessment.

Download the Insights into cyber security and risk 2014 as printable documents:

EY - Part 1: Cyber insurance, security and data integrity

Part 1: Cyber insurance, security and data integrity

  EY - Part 2: Mitigating cyber risk for insurers

Part 2: Mitigating cyber risk for insurers