How insurers can learn from the cyberattacks of 2017
Cyber exposure is an unwelcome reality faced by commercial organizations worldwide. It’s one of the fastest growing risks in the world as businesses become more interconnected, data-driven and reliant upon technology.
Events in 2017 pushed cyber security issues into the limelight. Huge hacks highlighted the shocking vulnerability of our personal information as well as the agility of cyber criminals. Hackers targeted consumer’s personal data, hospitals, voting records, school districts and more. While some breaches largely impacted US consumers, others, like the WannaCry ransomware attack, spanned more than 150 countries. Its malicious strain affected more than 300,000 computer systems across businesses worldwide and racked up considerable business interruption losses.
Global insurer Chubb is a top provider in North America’s increasingly active cyber insurance market. It offers a consistent level of cyber protection through three distinct avenues of cyber coverage: standalone, packaged products, and via its executive management package products. The company’s cyber policyholders have experienced the events of 2017 and, as a result, Chubb has identified several key areas to focus on as it continues to underwrite cyber risk.
“Some of the larger macro-level cyber events of 2017 have brought to life the reality and acceptance that there’s significant aggregate risk associated with cyber,” said Bobbie Goldie, senior vice president, Chubb. “We look at those bad-day scenarios, stay tuned into everything that happens, and apply all of that knowledge of claims and external observations to our systemic and aggregate risk modeling.”
“At Chubb, we always look to evolve and adapt our cyber suite and risk management services based on what we learn from an analysis of industry data and our own extensive database of proprietary claims information. We apply what we learn from our claims and use that knowledge to provide helpful underwriting questions, targeted services and value-added solutions for our clients and partners.”
The cyber focus for Chubb moving forward continues to revolve around the basics, regardless of company size or industry: making sure businesses accept and understand cyber risk; educating them around the tools and technologies used to mitigate that risk, including risk transfer; and making sure organizations can implement these tools, as well as cyber response plans.
“My advice for insurance brokers selling cyber insurance is to simplify the risk transfer conversation, be willing and able to talk through the mitigation tools that often accompany cyber insurance policies, and also be prepared to provide real claim examples,” Goldie told Insurance Business. “With cyber risk management, there’s always an element of going back to the basics.”
“You have to answer questions like: what does this cyber policy insure for? What value-added services accompany a policy (if any)? What do you need to do in the event of a cyber claim? At Chubb, we partner with our cyber insurance clients to make sure they understand developing exposures, and walk them through pre- and post-breach scenarios so they’re in the best position to implement risk management of their cyber risk.”