The past year has been marked by a significant increase in cyber threats to companies, which have taken new and increasingly pervasive and effective forms. The coronavirus pandemic played a crucial role in increasing cybercrime, due to the many different forms of digital transformation that companies and organizations had to introduce almost overnight to cope with lockdowns and social distancing. So, while companies are working to adapt their operating model to a ‘new normal’ phase based on the intense use of technology and digital transformation, cybersecurity is a major concern.
No company is immune, from big companies to SMEs, and if cybersecurity risks continue to be neglected, the reputational, operational, legal and compliance implications could be considerable. The major consequences include the interruption of operations, data breaches, and claims by business partners. This is especially the case for small and medium-sized enterprises, which in most cases do not have adequate insurance protection.
An insightful article by the Harvard Business Review, supported by funds from the Cybersecurity at MIT Sloan (CAMS) consortium at MIT’s Sloan School and Boston Consulting Group, highlights how important it is to be prepared “for the unexpected” for all companies – both public and private, large and small, domestic and international.
To do so, companies need to identify all vulnerabilities and risks that need to be addressed, demonstrate to the organization the magnitude of the risk and the importance of security resources and investment, and test plans in a way that helps everyone be ready.
But above all, everyone should acknowledge that this is not just the responsibility of the cybersecurity or IT team: it is a risk and a problem that involves everyone, from the board of directors and company executives to managers and team members. Everyone should know their role and responsibilities, in order to work out any potential problems before a real cyberattack puts the organization at risk.
Considering this complex scenario, it is clear that there is an increasing need to build awareness at all levels and establish proper models for risk assessment and mitigation. But how can the insurance sector help companies face cybercrime?
As stated by the American Property Casualty Insurance Association (APCIA) on July 1st, the insurance sector alone cannot be considered the solution; instead, the insurance industry, business community and government should work together to fight the ransomware epidemic by advocating better cybersecurity, preparing to respond and recover when attacked, and pursuing and prosecuting the actors perpetrating the attacks.
Nevertheless, even if insurance alone cannot be considered the solution to drive business behavior or to deter criminals, it should be recognized as a tool to create awareness of the risk, as well as to encourage and enable the adoption of strong security measures. Also, the evolution of the insurance sector towards insurtech may give a boost in this direction, thanks to its role in developing innovative products, offering new incentives to adopt a preventive approach, and finding new distribution models.