“Risks continue to grow with all the new technology out there,” observed Mike Kimiecik, Verizon risk manager during a panel discussion at the recent Insurance Business Cyber Risk Master Class.
For instance, Symantec estimates that Internet connected devices will number 6.4 billion this year, which is a 23% jump from 4.9 billion in 2015. The total is expected to hit 20.8 billion in 2020 as myriad devices such as medical implants, cars and smart TVs become enabled with capabilities to gather, store, and transmit data through computer networks.
To play catch up, the insurance industry needs to also evolve in the way they create and deliver their products and services, the panel said during the master class.
As more devices connect to the internet, Kimiecik said that there needs to be standards that ensure built in security at the very basic level, such as forced ID and password changes, as post-event analyses of recent distributed denial of service (DDoS) attacks revealed that the devices used to propagate malware were still on vendor default passwords that the users were supposed to but did not change.
Kimiecik further noted that there is currently a lack of “real standards” across areas and products to ensure the security of the enterprises and individuals that use such technology.
David Gresko, risk and insurance manager at Noble Energy, meanwhile emphasized that the underwriting community should be made to be comfortable providing coverage for cyber security.
He added that cyber protection is a “cooperative effort” where defense strategies need to evolve. Among others, he advised insurers to look into the services they could provide to help companies manage their exposure as they increasingly migrate to computerized and automated systems.
He explained that in the course of working with potential clients, they may not be able to sell a policy, but they could offer something more valuable by providing services that would respond to a client’s specific cyber risk management needs.
“You can’t rest on your laurels. The hackers keep getting smarter,” he added as he stressed that the goal “is to make sure we don’t have cyber loss.”
Similarly, Mario Paez, national practice advisor for professional risk practice of Wells Fargo Insurance Services, noted that commoditizing risk poses a danger for companies.
He explained that coverage should not just be about “risk transfer” but rather an effort to have a profound understanding of that risk such that carriers will be able to “surround that risk with vendor services” ranging from loss mitigation services to post breach services.
Paez further noted that the drafting of coverage and claims adjusting should be a coordinated effort between the insurer and the insured.
In addition, he said that because of the rapidly evolving nature of cyber risk, insurers and their clients must continuously update their defense strategies by discussing such, not just on an annual basis, but at regular intervals throughout the year.
“It’s more of a partnership,” he concluded.
Insurers need to catch up with evolving technology risks: experts
US insurance "disturbingly" behind on security, data privacy: Report