The cyber (re)insurance sector is always evolving, and as COVID-19 upends how businesses interact with technology and workers around the country continue to operate from home offices, the reinsurance market sees a number of emerging trends that present both potential challenges and opportunities.
Pre-pandemic, cyber incident breach response plans (CIBR) assumed the majority of employees would be working on-site in corporate-controlled environments, according to a recent briefing from Guy Carpenter-affiliate Marsh. Now, many — if not most — employees are working remotely in a wide variety of settings. These non-corporate environments can introduce a host of new threats that IT and cybersecurity teams must prepare for.
As IT and cybersecurity teams tighten up their organizations’ cybersecurity, they may not have considered their CIBR plans and how to adapt them to the “new normal” and the cyber incidents that may yet occur.
Security weaknesses are inherent in many home networks, which are typically “plug-and-play” and designed to operate with few configuration options when users deploy them. Physical security cameras, appliances, light switches, light bulbs, stereo components, baby monitors and other common devices are generally set up to automatically connect to any available home network; these devices use a wide array of protocols and ports to communicate with manufacturers and users to provide convenient — yet insecure — services. And these same networks that are burdened with peripherally connected applications are the very same ones that remote workers are using to connect to corporate IT networks, which may or may not be connected to virtual private networks.
Guy Carpenter’s Cyber Global Center of Excellence is actively following and responding to significant developments in the cyber risk sphere and helping clients adapt to evolving technologies.