We asked executives at RIMS what the biggest risk facing cyber insurers is today. These are their edited responses:
Mario Vitale, President, Resilience Cyber Insurance Solutions:
There are several that are that are going on at the moment: the lack of supply or capacity compared to demand — it's out of balance. That's a big crisis. I also think at the same token, affordability of the product for our clients, risk managers and board of directors that are demanding the coverage is certainly an issue. But in order to address those two issues, we have to address the core of the problem. And that's cyber risk management, and working hard to bring a value proposition of making businesses more cyber secure, and marrying that with the proposition of risk transfer. It goes hand-in-hand. If you're a well secured risk and maintain that standard of excellence in your cyber risk management, then you get a superior value proposition out of the insurance. We've launched Resilience Cyber insurance solutions to help solve that problem.
Scott Sayce, Global Head of Cyber, Allianz Global Corporate & Specialty:
For me, it's about being stagnant. Technology is changing at such a fast pace more than it ever has done before. And us as insurers, we have to move with that, we have to be up to speed with all the time changing technology, the risks associated with that, so that we can continue to provide value to our customers over the long term.
David Shluger, vice president, Cyber Risk Engineering, Zurich North America:
So right now, everyone understands that this risk is incredible. I think the biggest challenge is not getting started soon enough. This is not something we can procrastinate on. If you're going to aim to achieve true cyber resilience, it takes executive support, it takes investment, and it takes really smart concentrated effort. It is possible. And there's a lot of ways that different organizations can help. But I think it takes a broad team from in-house, whether it's the Chief Information Security Officer, other executive teams, as well as vendors, carriers, brokers, and the whole industry here has the ability to support it.
John Bennett, managing director, Kroll's Cyber Risk Practice:
Really the biggest cyber threat is companies not being prepared. They are aware that this threat is out there. And there's 1,000 different attack vectors that threat actors will come at a company on. But you already know the answers to the test when you're a company, you know, are you doing patching? Are you doing multifactor authentication? Are you doing the basics and having a security culture that everybody helps protect a company? And I think that is the biggest threat that we see in the cybersecurity market right now is the companies. Some of them are just not willing to accept that they need to spend money and time to get this right. Because the cost of not getting it right — It will be able to drain a bank account and it will kill your reputation.
Bob Parisi, head of cyber solutions North America, Munich Re:
A lot of people will tell you war. And I'm not gonna say it's not. But I think when we're dealing with operational technology, and all the technology underpins how industrial companies work, the stuff that we don't see in interacting with technology — I think that's the biggest cyber risk.
