The advance of connectivity in light of the digital revolution has radically transformed our lives and brought unprecedented benefits to companies in the way they operate and do business. However, digitization is a double-edged sword and comes with risks, including cyber exposure. Companies face a number of challenges such as the prospect of more disruptive and costly business interruptions, the increased frequency and cost of ransomware incidents, the consequences of larger data breaches and more robust regulation - both locally and abroad - as well as the prospect of litigation if something goes wrong. In 2021, cyber incidents ranked among the top business risks - globally and in Iberia.
There has been a significant increase in cyber losses in recent years. If we measure losses by the number of claims, 57% are due to technical and IT failures or incidents due to human error, 40% to external manipulation of systems and 3% to malicious internal actions, e.g. employee misconduct.
With increasing digitization and telework brought about by the Covid-19 reality, cyber vulnerabilities have increased even more. Security around access and authentication has become a critical issue. Employee awareness and training can significantly reduce the consequences of a cyberattack, especially when it comes to identifying phishing and malware schemes in company emails. Companies should also continually invest in technical IT security and have access to incident response services in the event of an incident. Having a good business continuity plan in place, including the cyber incident scenario, is also key to minimizing the financial impact.
Cyber incidents can have severe consequences
There is no such thing as 100% security, and every company or sector is exposed. However, companies with online business models and a large amount of customers' own data are particularly exposed targets. Supporting companies in the event of a cyber incident is the premise of cyber insurance, as it transfers some of the financial risk to insurers and reinsurers. It can provide a holistic approach to help prevent and minimize first- and third-party losses, through preventive risk consulting, as well as incident response and forensic services through a network of partner companies.
In this environment, companies increasingly view cyber insurance as a key element of an overall cyber resilience strategy. These companies know what their valuable data and assets are, are committed to established IT security standards - and continue to be updated - and are acutely aware of the most important aspects of a potential cyber incident. On the one hand, there is the concern to mitigate a potential business disruption resulting from a system or encryption crash and, on the other hand, in the event of a data breach, compliance with a number of obligations imposed by the GDPR regulation, including informing affected customers as well as notification obligations to the local data protection agency.
Cyber incidents are also increasingly likely to trigger litigation, including shareholder and consumer class actions. It is therefore essential that companies are aware of the obligations especially the costs of data recovery, communication and sometimes lost profits that can be caused by an unauthorized attack on their digital systems.
Risk awareness and increased demand
According to market studies, the global cyber market is expected to reach between 20 and 25 billion euros by 2025. At present, the market volume is estimated at €7 billion.
Which has been offering cyber insurance since 2014, has followed this growth trend: while the market needed education on this new product in the first years after the launch, as of 2018 the issuance of cyber policies has grown strongly. Today Spain is the leader in the cyber insurance market in the large companies segment in the country, it generates more than 100 million euros of gross premium issued with cyber insurance.
Cyber insurance is not a substitute for weak defense mechanisms, but rather the opposite. We are therefore pleased that the growth of cyber insurance in Spain is apparently going hand in hand with a significant improvement in cybersecurity, as well as the awareness of managers in Spain. A global IT company conducted a survey among its clients indicating that 77% of them had started to invest in cybersecurity projects and 91% stated that their senior management supported cybersecurity investments. As a result, it is estimated that these investments will increase by at least 10% worldwide by the end of this year.
News: Insurance News 07/06/21