This year is the 350th anniversary of the Great Fire of London, one of the largest urban fires in history. Caused by a flying spark in a bakery, the fire destroyed a third of the city, and made 100,000 people homeless.
Increased risk of fire was one of the significant negative consequences of urbanisation, arriving alongside a set of new economic and social opportunities enabled by the growth of cities. The risks that came with urban expansion were serious, but did not dissuade people from city living. Instead, society captured the massive benefi ts through risk mitigation, including insurance.
Our joined-up response to urban fire offers a parallel for how we might address one of today’s most pressing issues: the cyber opportunities and threats arising from the digital revolution.
Where it came to urban fire, our response was multi-faceted. Governments required building in brick and stone. People stopped heating with open fires in their homes. We developed fi re insurance.
Deployed in combination, these moves allowed cities to thrive, while fi re risk declined. Indeed, our joined-up response to urban fire offers a
parallel for how we might address one of today’s most pressing issues: the cyber opportunities and threats arising from the digital revolution.
By 2026, five billion people will be connected through four billion smartphones and 50 billion connected devices. Connectivity is driving social progress. Businesses are mining new seams of innovation. The possibilities seem limitless. But with transformation, new opportunities are balanced by new risks.
Governments and cities fear cyber attacks could disable critical infrastructure, imperil national security and threaten the economy. Intangible digital assets are at risk from economic espionage while privacy breaches cost money and loss of business.
So how do we manage these risks so that we can unlock the full benefi ts of digitisation? The answer is to adopt an integrated approach for building cyber security, one in which organisations in the public, private and social sectors adopt a package of risk mitigation measures. Six priorities should be on every company’s integrated “cyber risk check-list”:
1 Enterprise-wide governance
A cyber strategy should be led from the ‘C-Suite’. It needs to be managed on a wholeenterprise basis, with collaboration across corporate functions.
2 Assume hackers are already inside
We need to assume not only that hackers are trying to get in, but that they are already inside our companies’ data. Tackling the enemy within requires di erent measures from trying to keep them out.
3 Invest in making the workforce cyber-smart
Investing in enterprise-wide cyber-security training is expensive, but a vigilant workforce is a vital protection. It means offering a combination of rewards and disincentives to encourage a culture supportive to cyber security.
4 See technology as one of several lines of defence
IT solutions are often the fi rst port of call for organisations looking at cyber defence. It’s important to understand, however, that technological defences are a critical but not su cient response on their own.
5 Insure for cyber threats we cannot mitigate
While insurance is an old and experienced industry, the cyber risk market is young, and because these risks are hard to quantify, insurance companies’ willingness to put capital at risk is currently constrained. No doubt the market will broaden and deepen over time, as we become better at quantifying cyber risk.
6 Allocate enough capital to the right cyber defences
Companies need to understand, quantify and provide for their greatest cyber exposures. This starts with identifying critical assets to create a critical digital asset register. These are assets which impact on financial stability, customer relationships, and regulatory compliance and trust.
We are in the middle of a technological revolution in the way we live and do business. It’s a very young revolution, with amazing opportunities and substantial risks. Some argue that the solution lies in technology, some that it lies in institutions, some that it lies in human behaviour, some that it lies in insurance. We think it’s all of those things coming together.
Dominic Casserley is the president and deputy CEO of Willis Towers Watson and also leads Investment, Risk and Reinsurance for the company.