The impacts of high profile cybercrime incidents like WannaCry and Petya continue to ripple through the insurance industry and the wider economy. Not only have these massive hacks prompted an increased demand for cyber policies, they’ve also created apprehension among underwriters who attribute the wide scale success of the breaches to systemic organizational weaknesses.
There have, however, been some positives that have come from WannaCry and Petya, explains Jeremy Barnett, senior vice president of marketing at
NAS Insurance.
Celebrate excellence in insurance. Nominate a worthy colleague for the Insurance Business Awards!
“Policyholders and prospective policyholders now understand how important it is to maintain the patches and updates on their crucial systems,” Barnett says. “Both of those events are related to organizations that did not update their Microsoft operating system. Those Windows vulnerabilities get exploited, so it’s a reminder to chief technology officers to put practices in place to make sure they are updating software effectively.”
There’s been a feeling in recent years that hackers have been able to stay one step ahead. Lawmakers and organizations have struggled to match cybercriminals in terms of sophistication and capability, and, according to Barnett, not much has changed on that front; the hackers are still ahead. The vast majority of business executives in management positions do not have software engineering experience and, therefore, do not naturally understand their organization’s vulnerabilities.
Despite all of the technical advances made by hackers, social engineering remains the biggest cyber security risk to American companies.
“It is still human beings that are the vulnerability because there are ways to manipulate human behaviour, and that’s where we’re seeing most of the issues,” Barnett says. “Ransomware is entering systems from people clicking on an email and downloading a file, or from someone clicking a link on a web browser. The human vulnerability is always going to be the most exploited risk.”
With an increased demand for coverage and a heightened awareness around digital risks, it would be fair to assume that pricing for cyber insurance would be on the rise. In fact, the opposite is true.
“We are in a much swifter downward trend, in which the rates for coverage are significantly lower than they were,” Barnett says. “There are many more carriers in the market who are driving the price lower; it’s a very soft market for cyber liability. As a result, carriers are being forced to find ways to differentiate themselves from the crowd by providing value added services to their clients.”
Related stories:
How cyber insurers are boosting their value proposition
How insurers are helping to combat phishing scams