Rapidly developing computer technologies and the unrelenting evolution of cyber risks present one of the biggest challenges to the (re)insurance sector today. Liabilities from cyber attacks and threats to the data security of cloud computing and social media have become key emerging risks for carriers. The unprecedented rise in cyber attacks, in addition to the threat cyber risk poses to global supply chains, has seen the cyber insurance market grow significantly in recent years.
The Emerging Technology Threat
Technology has dramatically changed the way we interact commercially and socially. The transformation in how we conduct business, interact socially and view the world over the last three decades has been vast. From smart phones and personal computers to the Internet and social media, technology has redrawn the boundaries of modern society in ways previously only depicted in science fiction.
Few aspects of our personal or commercial lives are now technology-free. And yet, most individuals and businesses only realize the extent of this dependency when they are negatively affected by a technology-driven or technology dependent-event.
Cyber risk is associated with the use of technology and the handling of all data and information. The threat transcends a company’s information technology (IT) department or what is confined to websites on the internet. To help overcome some misconceptions that still exist for cyber risks, some clarity around business exposures is needed in order to understand the scope of the threat.
Cyber risk essentially affects any entity that:
- Utilizes or relies on technology in its day-to-day operations
- Handles, collects or stores confidential information
In other words, most commercial entities are exposed to cyber risks. Furthermore, several recent surveys indicate these risks are increasing in scope, severity and frequency.
Early computer viruses such as the “I love you” worm have now been replaced by more advanced and persistent threats such as zero-day exploits, botnets and other similarly ominous sounding threats that target technology infrastructure. In addition, risks around privacy-related perils are escalating. These stem from social engineering and a robust underground economy that trades in stolen data. This has in turn led to an aggressive and enthusiastic regulatory environment that is creating a patchwork quilt of standards, a risk within itself.