Technology is taking over the everyday American’s life as more devices connect to computer networks. But the risks are growing with continued adoption.
Figures from technology security firm Symantec paint an alarming picture of the current state of cyber security. According to company figures, zero-days spiked by 125% in 2015 from 2014, an exponential increase over the 4% observed in the 2013-2014 period, as attackers continue to exploit flaws in browsers and plug-ins.
Websites are at high risk with 75% vulnerable to attacks. Phishing increased by more than half at a 55% rate in 2015.
As insurance firms struggle to provide protection and coverage to their clients, Verizon risk manager Mike Kimiecik said in a panel discussion during the recent Cyber Risk 2016 Master Class that the biggest challenge to insurers is the continuing evolution of cyber threats.
He explained that among others, insurers have to deal with “bad actors” or malefactors who release viruses or engage in scams and hacking. Further, bad actors have reached the state level, where cyber-attacks are endorsed and initiated by governments, as in the case of Russia’s alleged hacking of US elections.
Kimiciek also noted that intellectual property is another puzzle area for insurers as there continue to be “too many unknowns” in this asset segment of enterprises.
“(Cyber coverage) is part of the equation, but it doesn’t replace security,” he further emphasized.
David Gresko, Noble Energy risk and insurance manager, said that in the energy sector, quantifying risk is a problem.
The current situation in this space, he said, is that energy players have to source cyber coverage for different aspects of their exposure from various companies, with the possibility of these policies not covering a certain loss if a specific attack occurs.
Thus, Gresko said it is important for insureds to sit down with their underwriters to help them understand the requirements specific to their sector.
Further, Mario Paez, Wells Fargo national practice advisor for professional risk practice, said that these gaps can be addressed by providing a more industry specific coverage, as opposed to one-size-fits-all coverage.
Bespoke policies, he said, are “cumbersome” but migration to these forms of coverage has been observed.
Paez further explained that cyber insurance is a “relatively immature marketplace” and that providers need to understand the evolving risks that attend technology adoption.
To achieve this, he said, underwriters will need proper tools to increase their understanding of such risks.
Is cyber insurance modeling missing key components?
US insurance "disturbingly" behind on security, data privacy: Report