Often a good superhero story starts with a massive challenge, whether it's stopping a war or saving the earth. In our digitally interconnected world, we have lots of large challenges on the table, but one is getting more and more important: how to manage and mitigate cyber risk, being the flipside of many of the huge benefits and comforts that the digitization of life and the economy brings.
Insurance in general, is rarely seen as Wonderwoman or Superman swooping in to save the day. Far, far from it. However, insurance is actually very well positioned to help businesses and society to deal with those risks. Here are three ways that insurance can play a mitigating role for cyber risk.
One: classic insurance
The classic insurance value proposition: financial relief after a loss has happened. Cyber losses for large companies go up to hundreds of millions of dollars, as seen with some of the larger data breach cases in the US as well as with companies not being able to operate after last year's Petya/NotPetya events. However, not just large companies are affected, smaller firms might also run into liquidity shortages after a cyber event and may therefore prove even more vulnerable towards an existential crisis than large corporates. So yes, classic insurance might not help prevent an incident, but it definitely can help the company in question to deal faster and more effectively with the fallout.
Two: modern risk partnership
Modern cyber risk insurance combines financial relief with services that help to prevent cyber risks and support companies in case they are hit nevertheless. These crisis management services range from helping to understand the incident with specialized IT forensics to managing press and the public with specialized PR support, to dealing with the legal situation. There are also several levels of partnership between insurance and technology companies. Modern cyber risk insurance goes from including ancillary technology services into an insurance offering to creating a cyber risk ecosystem with companies, technology providers, and of course insurance.
Three: post-modern engagement
Post-modern engagement even goes a step further and looks at the bigger picture. Cyber risk is so broad and ubiquitous, that it is not possible for a certain sector or body to deal with it on its own. Public–private partnerships that shift the balance towards risk resilience is one area that is being explored and insurance has a seat at the table. Benefits can be better information due to data sharing, national and international cooperation, and the general increase of cyber maturity by implementing minimum security standards and spreading best practice approaches. Insurance has shown in the past that they can play an important role in raising awareness and helping to improve risk management practices, and are therefore an important part of the joint global effort to manage and mitigate cyber risk.
Insurance may not be Batman flying in on his Batmobile, but it offers some surprisingly advanced potions that can actually make a difference to people and enterprises battling cyber risk.