Digital disruption has opened up a whole new world of untapped potential for FSI businesses in the form of cyber insurance. COVID-19 has also given an unexpected boost to the cybersecurity market as a result of the shift to home working and a surge in cyber-attacks. For the insurance industry, the market opportunity is massive. Management of online risk is now a priority for businesses around the world, no matter what size. And with the global cyber insurance market expected to reach $433.6 billion by 2030, up from $119.9 billion in 2019¹, now is the time to take action.
There are now more than half a billion variants of malware in the industry and we're seeing more than half a million new instances² of malware created every single day. As Jeff Kilford, Client Compute Director at Intel, puts it: "These are absolutely terrifying numbers that organisations should be completely aware of so that they know the scale of the malware threat. There is a new set of threats that will drive some of the thinking around how these companies are insured and how they protect themselves. There'll be a different level of threat next year but then a totally different level of threat again the year after. If you're completely unprotected, you have absolutely no chance of keeping up with that."
With October internationally recognised as Cyber Security Awareness Month*, it's a good time to explore some of the key trends in the cyber insurance world. According to a white paper produced by Intel in collaboration with key industry experts and commissioned for the UK insurance industry, there are five key questions that need to be asked:
1. How can the insurance sector convince businesses of the importance of guarding against cybercrime?
Cyber insurance has been a priority at major enterprises for some time but smaller businesses have been slower to engage and may need extra encouragement. While the effects of a cyber-attack may be felt for some time by larger companies, they are likely to recover if they have a solid cyber resilience strategy in place. But when small businesses are hit by a cyber-attack, they are far more likely to struggle or fail.
Stimulating demand for cyber insurance through public information campaigns is vital, as is the need for more real-life examples of the consequences of a cyber event for smaller businesses. Highlighting local awareness initiatives that are already in place will be key to driving greater awareness of cyber risks and what can be done about them.
2. What do cyber insurance products need to encompass or avoid to appeal to businesses?
It's important for insurance firms to offer a diverse range of products designed to suit all types of businesses and their available budgets. There is also a strong argument for educating brokers so that they know exactly what they are selling and which products are best suited to which type of business. What's more, some standardisation of wording – if the industry can make this happen – would make products easier to understand. Consistency and simplicity are key to making cyber insurance more compelling and understandable.
3. How can incentives and standards be used to encourage businesses to take up cyber insurance?
Legislation, along with government-backed bodies, is already helping to encourage a culture of cyber resilience among businesses and helping to protect consumers and their data. Standardisation, in the form of common language and a set of benchmarks, is also important, along with guidelines for minimum IT requirements.
Certification schemes enable businesses to not only develop their cyber resilience, but also demonstrate to insurers that they have capabilities and processes in place to manage threats. This kind of certification could also mean that they qualify for incentives from insurers, such as reduced premiums.
4. What intelligence is needed to encourage insurers to invest in cyber insurance?
As a relatively new sub-sector, there is little historical data for cyber insurance and what little data there is isn't stored in a standardised way. An inability to access relevant data could hold back insurers from unlocking the full potential of the sector so sharing of intelligence is vital. Insurers need to continue to work together with regulators and industry associations to collate cyber security data. Data will be vital for understanding how to value policies due to the complex nature of the cyber threat.
5. How can the insurance sector work with external partners to boost its role in the global effort to reduce cybercrime?
Collaboration is absolutely key, both on a national and global scale. To take advantage of the cyber insurance opportunity, it will be necessary to agree on a certain degree of standardisation, making products easier to understand and sell. The sharing of data and intelligence will also be important in shaping the future of this industry sub-sector, so working with a range of industry partners will be vital.
The insurance industry must work with tech partners to highlight the importance of upgrading IT systems to include the latest security features, such as Intel® Threat Detection Technology (Intel® TDT). This suite of hardware-enhanced technologies can be incorporated into independent software vendors' security products to boost existing capabilities and improve cyber threat detection.
Intel has also introduced a range of new security technologies in its upcoming 3rd Generation Intel® Xeon® Scalable Platform, code-named 'Ice Lake'. The new Intel® Total Memory Encryption (Intel® TME) feature helps to ensure that all memory accessed from the CPU is encrypted, including sensitive information such as customer credentials and encryption keys. The aim here is greater protection for system memory against hardware attacks.