I recently took part in a podcast with my colleague Harry Metzger for Insurance Business America to discuss the ways that brokers could use data and analytics to better advise their clients on cyber insurance purchasing.
In particular, we discussed how intermediaries can understand the cyber risk profile of their clients. This would enable them to examine where companies are vulnerable to loss and how they might buy insurance for risks that can’t be mitigated.
Lessons can be learned from drawing parallels with other sectors. I’ll start with a seemingly unrelated anecdote: In the 1970’s, criminal researchers developed the “routine activity theory”, which explored why crime rates changed in the US from the 1950s to 1970s. This shows you must have a convergence of three factors, which map to cyber risk neatly:
- A likely offender (threat actor)
- A suitable target (e.g. assets a business seeks to protect)
- Absence of a capable guardian (security posture)
What can brokers do to help their clients manage each of these 3 factors and reduce their loss cost?
- Start with the basics, perimeter hygiene and employee training, which go hand in hand. Figure out what an attacker would see if they were to digitally profile a company. Look at that picture, and then only expose computers to the internet that you want the public to have access to. Make sure that all of your employees understand the access they have been given, what the effect of someone abusing their access would be, and how to protect that access through things like secure and unique passwords and phishing awareness.
- Avoid viewing cyber in isolation, but do so holistically. There is very often a disconnect between people in an organization thinking about IT security, and the people focusing on risk management and insurance. This is especially true in the small and mid-size market where one or both of these roles may not even exist.
CyberCube has put a lot of resources into developing a new Broking Manager product, to empower brokers to be knowledgeable partners in cyber risk management. We think it’s critically important for insurance intermediaries to be in a position of knowledge and trust, to help companies not only understand their cyber risk, but also help quantify a company’s financial exposure to cyber risk using data-driven approaches as opposed to anecdotal evidence. Brokers can help enterprises take the appropriate next steps to ensure that their business is robust and prepare for this very dynamic and quickly evolving cyber risk landscape.
CyberCube will be hosting a webinar with Advisen on November 13 “Quantifying cyber risk: how brokers can add value with analytic tools”.
To register, go to https://www.advisenltd.com/quantifying-cyber-risk-how-brokers-can-add-value-with-analytic-tools/
link to podcast audio: https://soundcloud.com/user-147829907/cyber-series-ep-2-best-practice-cyber-risk-mitigation-strategies
