- The role of the cyber insurance industry in ensuring a global cyber resilience ecosystem is undermined by the lack of a standardized framework for measuring cyber resilience.
- The increased demand for cyber insurance means that insurers are positioned and incentivized to influence the implementation of cyber resiliency standards as part of an enhanced risk assessment methodology.
- Cyber insurers play an important role in improving cyber resilience through collaboration, improvement plans, quality control and monitoring, and intelligence sharing.
The 2022 Russo-Ukrainian War demonstrates that cyber attacks continue to grow with the weaponization of cyber threats becoming a tool to maximize impact on multiple businesses and critical infrastructure important to national economies. Ensuring cyber resilience relies on effective risk identification and mitigation. So now it is more important than ever for organizations to put on a “digital bulletproof vest”.
The cyber insurance industry has an important role to play in enhancing and ensuring a global cyber resilience ecosystem. However, cyber insurers and insured organizations lack a standardized framework to measure their cyber resilience. Instead, they rely on industry benchmarks for resource allocation and outdated techniques to quantify cyber risk.
As cyber incidents increase in frequency and intensify in their disruptive impacts, it is clear that more spending on cyber security does not necessarily drive better cyber maturity. Insurers have intimately experienced the effects of immature risk assessment methods when insuring organizations over the past two years, as the top 20 cyber insurers have recently posted record loss ratios.
With the increased demand for cyber insurance, insurers are now positioned (and financially motivated) to influence the implementation of cyber resiliency standards as part of an enhanced risk assessment methodology.
There are several ways in which cyber insurers are essential to improving cyber resilience.
1. Collaborate with governments, regulators and organizations
Cyber insurers can collaborate with governments, regulators and organizations to continually improve and prioritize actions based on current attack exposures, as they are uniquely positioned to adopt cyber resiliency best practices and to observe good governance, hygiene and safety behaviour.
Not only can they provide the right incentives to encourage resilient behavior, but they are also financially invested in mitigating societal cyber risk across sectors and geographies. As a result, their balance sheets are intrinsically tied to the cybersecurity success of others.
The standardization of cyber risk measurement techniques and governance principles is beneficial for insurance and society.
2. Suggest improvement plans
Cyber insurers can also encourage organizations to follow the order of operations by suggesting plans for improvement.
Insurers assess an organization’s security posture to set premiums. To do so, they have access to many kinds of internal information, such as security incidents, breaches and claims, data that may never have been made public.
Based on that information, cyber insurers define their premiums and contracts and could also define improvement goals that incentivize positive security actions.
Incentives like revised premiums and discounts for consistently strong security postures for policyholders could have a big impact.
3. Quality assurance and control tools
Cyber insurers can apply continuous monitoring tools and practices to ensure improved cyber posture through metrics such as security ratings.
Continuous monitoring minimizes cyber risk and improves understanding of an insured entity’s cybersecurity rating at the time of a breach or incident. Overlaying this insight on the type of breach or incident that occurred, and on the impact categories described in the claim, provides a unique view.
For example, uncovering any correlation between an entity type (for example, industry and size), the entity’s cyber maturity rating, and the business impact of the breach that resulted in a claim (or claims against multiple insurers in some cases) is an invaluable enhancement to our knowledge of risk indicators.
The World Economic Forum’s Center for Cybersecurity is leading the global response to address systemic cybersecurity challenges and improve digital trust. The center is an independent and impartial platform committed to fostering international dialogue and collaboration on cybersecurity in the public and private sectors.
Since its launch, the hub has driven impact across the entire cybersecurity ecosystem:
- Training a new generation of cybersecurity experts
Salesforce, Fortinet, and the Global Cyber Alliance, in partnership with the Forum, are providing free, accessible training globally through the Cybersecurity Learning Center.
- Building a global response to cybersecurity risks
The Forum, in collaboration with the University of Oxford – Oxford Martin School, Palo Alto Networks, Mastercard, KPMG, Europol, the European Network and Information Security Agency and the US National Institute of Standards and Technology, is identifying future global risks of next generation technology.
- Improving cybersecurity in the aviation industry
Through the Cyber Resilience in the Aviation Industry initiative, the center has been improving cyber resilience in aviation in collaboration with Deloitte and more than 50 other international companies and organizations.
- Making the global electricity ecosystem more cyber-resistant
The Center and the Platform for Shaping the Future of Energy, Materials and Infrastructure have brought together leaders from more than 50 businesses, governments, civil society organizations and academic institutions to develop a clear and consistent cybersecurity vision for the electricity industry.
- The Council on the Connected World agreed on IoT security requirements for consumer-facing devices to protect them from cyber threats, calling on the world’s largest manufacturers and providers to take steps to improve IoT security.
- The Forum is also a signatory to the Paris Call for Trust and Security in Cyberspace, whose objective is to guarantee digital peace and security worldwide.
Aggregated and anonymized analysis of claims data should reveal strongly correlated indicators, patterns and emerging trends. This data can be used as legitimate leverage during premium negotiations with policyholders, both at annual renewal and after an incident.
It is clear that insurers are well positioned to influence organizations to achieve cyber resilience. They can achieve this by taking advantage of continuous underwriting, where insurers regularly monitor the risk posture of the insured. This type of active monitoring can be influential in proactively educating customers on the best ways to prevent cyber incidents.
Armed with data-driven risk models, insurers can motivate policyholders to improve their controls, improving their cybersecurity risk score and resiliency in the context of an ever-evolving risk landscape.
4. Use and share intelligence
Cyber insurers can use and share intelligence with ecosystem players and law enforcement during an incident to speed reaction and reduce recovery times, thereby minimizing risk.
As already mentioned, insurers have unique access to data on security incidents, breaches and claims that may not have been made public. It would be irresponsible for insurance providers to keep this information from informing regulatory policy, cybersecurity practices and incident response.
Indicators of Compromise (IoCs) are routinely shared among ISACs (Information Sharing and Analysis Centers) in the US, Europe and Asia to aid the collective resilience of a sector such as oil and gas, financial services, or retail/hospitality. STIX and TAXII (both at version 2.1 as of June 2021) are structured data exchange standards for this purpose: STIX defines the format of the shared objects, and TAXII defines how collections of those objects are published and retrieved.
Perhaps major insurers should look into similar ways of creating communities of insurance professionals who can benefit from aggregated and anonymized TTPs (Tactics, Techniques and Procedures) and corresponding data for breach or business-interruption events. When more detailed threat intelligence from security vendors is added to this core of threat actor and event information, we may be helping to build a collective defense capability that is truly resilient and robust.
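To make the STIX side of this concrete, here is an added example (not code from the original article or from any ISAC or insurer) that builds a minimal STIX 2.1 indicator bundle of the kind an insurer could contribute to a shared pool, validates the fields the specification requires, extracts the observable values from the pattern, and strips the contributor's identity before the bundle is pooled. It uses only the Python standard library rather than the official `stix2` package, and every IoC value in it is a constructed placeholder (an all-zero hash and a `.invalid` domain), not a real indicator. The function and variable names are this example's own assumptions.

```python
"""Build, validate, parse and anonymize a minimal STIX 2.1 indicator bundle (added example)."""
import json
import re
import uuid
from datetime import datetime, timezone

# CONSTRUCTED placeholder IoC values for the demonstration; they are not real indicators.
SAMPLE_SHA256 = "0" * 64
SAMPLE_DOMAIN = "malicious.example.invalid"

# Fields STIX 2.1 makes mandatory on an Indicator object.
REQUIRED_INDICATOR_FIELDS = ("type", "spec_version", "id", "created", "modified",
                             "pattern", "pattern_type", "valid_from")
_UUID4 = r"[0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}"
# Matches one comparison term of a simple STIX pattern: <object-path> = '<value>'
_PATTERN_TERM = re.compile(r"([A-Za-z0-9_-]+:[A-Za-z0-9_.'-]+)\s*=\s*'([^']*)'")


def stix_timestamp(dt=None):
    """STIX 2.1 timestamps are RFC 3339 in UTC with millisecond precision and a trailing Z."""
    dt = dt or datetime.now(timezone.utc)
    return dt.strftime("%Y-%m-%dT%H:%M:%S.") + f"{dt.microsecond // 1000:03d}Z"


def make_indicator(name, pattern, created_by_ref=None):
    """Create a STIX 2.1 Indicator; created_by_ref (an identity-- id) marks the contributor."""
    ts = stix_timestamp()
    obj = {
        "type": "indicator",
        "spec_version": "2.1",
        "id": f"indicator--{uuid.uuid4()}",
        "created": ts,
        "modified": ts,
        "name": name,
        "pattern": pattern,
        "pattern_type": "stix",
        "valid_from": ts,
        "indicator_types": ["malicious-activity"],
    }
    if created_by_ref:
        obj["created_by_ref"] = created_by_ref
    return obj


def make_bundle(objects):
    """Wrap objects in a STIX 2.1 Bundle (bundles carry no spec_version in 2.1)."""
    return {"type": "bundle", "id": f"bundle--{uuid.uuid4()}", "objects": list(objects)}


def validate_indicator(obj):
    """Return a list of problems; an empty list means the object passes these checks."""
    errors = [f"missing {f}" for f in REQUIRED_INDICATOR_FIELDS if f not in obj]
    if obj.get("type") != "indicator":
        errors.append("type must be 'indicator'")
    if obj.get("spec_version") != "2.1":
        errors.append("spec_version must be '2.1'")
    if not re.fullmatch(rf"indicator--{_UUID4}", obj.get("id", "")):
        errors.append("id must be indicator--<uuid4>")
    pattern = obj.get("pattern", "")
    if obj.get("pattern_type") == "stix" and not (pattern.startswith("[") and pattern.endswith("]")):
        errors.append("stix pattern must be enclosed in [ ]")
    return errors


def extract_observables(pattern):
    """Return (object_path, value) pairs from a simple STIX comparison pattern."""
    return _PATTERN_TERM.findall(pattern)


def anonymize_bundle(bundle):
    """Drop the field that names the contributing organization before the data is pooled."""
    cleaned = [{k: v for k, v in obj.items() if k != "created_by_ref"} for obj in bundle["objects"]]
    return {"type": "bundle", "id": bundle["id"], "objects": cleaned}


def load_bundle(json_text):
    """Parse a received bundle; reject invalid indicators, return {indicator id: observables}."""
    bundle = json.loads(json_text)
    if bundle.get("type") != "bundle":
        raise ValueError("not a STIX bundle")
    found = {}
    for obj in bundle.get("objects", []):
        if obj.get("type") != "indicator":
            continue  # other SDOs (e.g. attack-pattern for TTPs) would be handled separately
        problems = validate_indicator(obj)
        if problems:
            raise ValueError(f"{obj.get('id')}: {', '.join(problems)}")
        found[obj["id"]] = extract_observables(obj["pattern"])
    return found


if __name__ == "__main__":
    contributor = f"identity--{uuid.uuid4()}"  # hypothetical insurer identity
    bundle = make_bundle([
        make_indicator("placeholder hash", f"[file:hashes.'SHA-256' = '{SAMPLE_SHA256}']", contributor),
        make_indicator("placeholder domain", f"[domain-name:value = '{SAMPLE_DOMAIN}']", contributor),
    ])
    shared = json.dumps(anonymize_bundle(bundle), indent=2)
    print(shared)
    print(load_bundle(shared))
```

The point of the `anonymize_bundle` step is that the pooled data keeps the observable values and pattern semantics that make it useful for collective defense, while the `created_by_ref` link to the contributing insurer is removed so a recipient cannot tell which carrier suffered which claim.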