The insurance industry could have a big role to play in establishing a set of global standards around cyber security, according to one expert.
Last week, a report from global broking firm
Lockton revealed that UK businesses are “severely unprepared” for the potential length and severity of a cyberattack – a problem that stems in part from
a “critical” need for better knowledge of cyber and IT issues at senior management and board level.
But the absence of a consistent set of standards internationally is also muddying the picture, according to an SVP at the firm.
Insurance increasingly has an “important part to play” on the global cyber stage, Peter Erceg, SVP of global cyber & technology at Lockton, told Insurance Business. “One of the issues we have around cyber security globally is a lack of global standards. If I’m a company in the US and in the UK, it’s very difficult for me to work out where I sit,” Erceg commented.
Insurance’s inherent aversion to risk means it is well placed to drive risk tolerance, but the market currently is too soft, he went on to say. “There is an argument that says insurance can drive those global standards, because it is the one constant.
“It’s certainly something that I think insurers can look at and can drive that forward, to have more of a global standard… It’s not going to happen from governments and regulatory – they will always be looking at what’s important for that country. The companies themselves aren’t going to do it, so it needs to be a central point that can drive it, and I think insurance has a part to play in that,” Erceg said.
As well as pushing forward a set of standards as an industry, insurers and brokers need to do better when it comes to driving education among clients – which the survey indicates is currently lacking.
Erceg added: “I think as brokers and insurers we have an important role in that we articulate the risks and which insurance products can help mitigate some of that risk. I don’t think we do a particularly good job of that at the moment as an industry. We need to talk much more about risk and less about product… it’s about understanding the risk side of it too.”
Related stories:
“Fractured and localised” APAC cybersecurity regs are a concern
AIG sees cyber insurance requests rise 87% in Asia