The tireless march of digitalisation has left no stone unturned in the insurance ecosystem with even the most traditional of business lines tapping into new tech-forward services in the hope of efficiency gains or sharpening their propositions. Now two decades into his career at Beazley, Ian Fantozzi (pictured) CEO of Beazley Digital, Beazley’s digital business unit which focuses predominantly on small commercial business, has had a front-row seat to its advances.
Zeroing in on how digitalisation is impacting the cybersecurity landscape, Fantozzi highlighted that as businesses become more digitised, it broadens their attack surfaces by creating more entry points in the business for a cyber threat actor to exploit. In addition, he said, businesses’ growing dependence on technology can also increase the number and variety of vulnerabilities they have.
“It's not really that long ago that many businesses would only be considered as a set of physical assets and some people,” he said. “Now many businesses don't have any kind of physical location. They have people but the business entity itself is actually a digital one. That brings opportunities in terms of scaling those businesses, but it does increase that attack surface in terms of vulnerability.”
As part of a risk and resilience thought leadership series, Beazley carried out a survey with a range of businesses with annual revenues from below $1 million to up to $1 billion plus, determining that over a quarter of those questioned (27%) now identify cybersecurity risk as their top business threat. That highlights the evolution of businesses into digital entities, he said, and also reveals a new level of recognition of the scale and scope of cyber risk.
“That’s a huge advancement,” he said. “Maybe even just five years ago, [cyber risk] might not have even factored into their thinking, let alone understanding how they could have their whole business effectively shut down by a cyber attack. Also, 29% of the SME businesses we surveyed said they were unprepared for the risk of their technology becoming outdated.
“So you can imagine that smaller businesses that have limited budgets to invest in technology will struggle to keep up with the constant evolution of different cyber threats. And that’s why we’re here - to offer cyber insurance and cyber services to fill that gap, where those businesses may be more challenged in making those investments.”
Fantozzi highlighted that one of the biggest changes Beazley has seen in the last two years is the recognition that just having an IT network in place with a simple set of security credentials does not offer sufficient protection. The fruits of the ongoing effort to educate customers on cyber risk, have started to feed through, he said, but there’s more to be done.
Taking multi-factor authentication (MFA), for example, he said, you’d be surprised how many businesses still aren’t using it fully. And for those businesses that don’t have MFA or an equivalent, that is a red flag that needs to be addressed. That said, however, small businesses are certainly starting to apply these security measures, with the help of tech vendors. Some of the large tech vendors, including Microsoft, now offer these protections as a standard in their software suite so progress is happening.
“Because it's a constantly evolving environment, we do have to continue to educate both our end customers, but also our brokers on the evolving threat landscape,” he said. “We, for our part, offer ransomware and business compromise workshops. We offer crisis communication and incident response workshops and we also run simulated phishing attacks.
“Beazley has something called the Cyber Customer Centre that businesses can log into. And there's a whole set of educational materials about different threats and how to respond to them included in that. We’ve got templates for incident response planning. I think a lot of larger businesses will have that as standard, but a small business might not think that they need to have that sort of thing in place.”
More recently, he said, Beazley has been trialling an ‘incident preparation room’ which allows an insured to move its staff to a secure corporate network in the event of a suspected compromise. This allows employees to communicate with each other without worrying that the hacker might be monitoring that communication. So far, this has been trialled with 1,000 customers, with plans to roll it out more broadly in the near future.
One of the key principles behind Beazley’s cyber proposition for SME clients is its emphasis on providing a value-add service. It’s not just about offering insurance, he said, the team is looking to provide a range of services that bolster that insurance policy, which is a proposition that he has seen resonate strongly with brokers and clients alike because it offers peace of mind in the event of an outage.
Staying ahead of the curve is critical to helping clients mitigate their own risk profiles, he said, but it’s also what allows Beazley to stay ahead in a cybersecurity landscape that is evolving as rapidly as the cyber threat landscape.
“There’s been a lot of new entrants into the cyber insurance market in the last few years, and you need experience in this space,” he said. “And Beazley has been around a long time, and it's been writing these products for a long time. When a threat landscape is evolving very rapidly, you need to have the experience and the breach data to analyse in order to be of great value to your brokers and customers. And that's how we think we differentiate against some of the newer entrants in the market.”