Cyber Risks: Growing threat for companies
The cost of cyber attacks will grow in the future - and yet insurers and companies should be able to manage the risks: This is the conclusion of the first study by the newly opened Swiss Re Institute.
The potential costs of cyber attacks are rising rapidly - especially in connection with lost or damaged data. Therefore, the topics of cyber security and cyber resilience are becoming increasingly important for companies. This is the conclusion of the first sigma study "Cyber: managing a complex risk." of the newly opened Swiss Re Institute.
Companies need to do much more in the future to integrate cybersecurity into their risk management strategy, the study found. While companies often have a heightened awareness of cyber threats - they are ill-prepared to actually manage the risks. Initiatives to strengthen cyber resilience already exist.
Insurance: Risks are difficult to calculate
The market specifically for cyber insurance is developing rapidly, but the scope of coverage in relation to potential exposure is still relatively small. One problem is that cyber risks are complex and very difficult to quantify: The technological environment is constantly changing at a rapid pace, and at the same time there is little historical data on losses from which to derive estimates of future losses.
Product and process innovations, as well as advanced analytics technologies, are expected to support the development of improved cyber insurance solutions in the future, expanding the limits of insurability as well as the scope of coverage. Ultimately, however, some cyber risks, especially those related to extreme, catastrophic loss events, may remain uninsurable. For such risks, a government safety net may be needed as a last resort - comparable to government support in the context of catastrophic terrorism.
New legislations
In many countries today, new legislation is on the horizon that may force companies to implement higher data protection measures. This, the study suggests, could be a catalyst for change: As a result, "companies - large and small - need to invest more in their cybersecurity architecture to develop sound risk management before and after a loss," says Kurt Karl, chief economist at Swiss Re.
The study sees an important role for the state in measures to improve the collection and dissemination of cyber information, as well as the adoption of laws and regulations on the use and protection of cyberspace.
