CYBER RISK

1. How should senior management view cyber risk?

Cyber risk has become an enterprise-wide concern for the entire corporation and a key economic risk. Gone are the days when only IT was involved in preventing and defending against a cyber event. Today, senior management needs to ensure that all key stakeholders are invested in managing cyber risk and that they understand their roles.

2. What do corporate boards think of cybersecurity?

Boards of directors expect and demand regular updates on an organization’s cybersecurity. Concerns extend beyond forensic expenses and settlements. Lost revenue, intellectual property, business relationships, employee morale, and customer confidence are all potentially at stake. No board can afford to be caught without a plan for cyber breach/attack.

3. What role should analytics play in preventing cyber events?

Analytics are crucial in determining how susceptible an organization may be to a cyber incident and in helping organization determine necessary insurance limits. Services such as Marsh’s proprietary Cyber IDEAL model, which identifies damages, evaluates, and assesses limits, helps provide a range of potential outcomes and costs associated with a breach.

4. What do the insurance markets for cyber risk look like?

The dedicated cyber market consists of dozens of underwriters with up to US$500 million in aggregate capacity available, depending on industry sector. Prices have increased on average 19.1% for cyber insurance in Q2 2015 compared to last quarter, while the retail sector has seen a rise of 32% on average. In addition to regular coverages like privacy, business interruption, cyber crime, and crisis management, cyber underwriters often offer loss control services, including elements such as risk assessment tools and breach counseling, typically at no extra charge.