The insurance industry needs to treat cyber like any other risk, an expert has said.
Speaking at the RIMS Risk Forum 2017, André Louw, chairman of
JLT in Australia, said that the cyber insurance market is currently “developing haphazardly” with the way the risk is being treated within organisations.
“It is very difficult because cyber insurance is partly evolving just like the risk is, in a silo, in isolation,” Louw continued. “Cyber risk is being featured as a speciality risk. The cover varies enormously from insurer to insurer and I cannot think of another product off-hand which has such variability in terms of coverage, and also pricing.”
Search and compare insurance product listings for Cyber from specialty market providers here
Louw said that while most cyber policies cover core risks such as data breach and response costs, the variation between coverage leaves exposures.
“There are enormous traps for those that are used to, let’s say, a stock standard ISR and who go and buy an off-the-shelf cyber product,” Louw continued. “There will be gaps.”
Louw said that the current “disjointed” approach towards managing cyber risk comes as organisations silo their approach within their IT departments. For the industry to better manage the risk, and provide better coverage to clients, Louw called on the sector to treat cyber as it does any other risk: as part of a risk management program with normal risk management principles applied.
“At the moment, I think it is pretty disjointed and we’ve got quite a long way to go before we manage cyber risk in an integrated way like you manage property risk, liability risk, worker safety risks,” Louw said. “I think that is going to make it much easier for us as brokers who are trying to advocate and sell our clients’ risk into the market, and also for underwriters to understand it better within the context of proper risk management.”
Louw added that brokers “need to de-mystify cyber” and work closer with clients and risk managers on better solutions.
“It’s part of a whole spectrum of risk that needs to be managed properly according to the normal principles,” Louw continued. “I think on behalf of clients and buyers in the market, we do need to make it easier, we need to integrate.”
Related stories:
Willis Towers Watson on how to help businesses control cyber threat
The ‘new frontier’ of cyber risk