Cyber security has become an increasingly discussed topic worldwide over the last years. This has been accentuated by the widespread increase in digitisation and digitalisation as well as the growing reliance on digital systems that has accompanied the current pandemic. The importance of this issue has also recently emerged from the results of the World Economic Forum’s Global Risks Report 2022 and of the Allianz Risk Barometer 2022, which analyse global risks perceptions among risk experts and world leaders in business, government, and civil society. While both reports identify cyber vulnerabilities as a relevant risk, it should be pointed out that, from a business perspective, cyber-related issues also represent a business opportunity for the insurance industry.
According to the Allianz Risk Barometer, there are four main cyber exposures of concern that dominate today’s cyber threat landscape:
• ransomware attacks
• data breaches
• increased vulnerability from remote working
• disruption of digital supply chains and cloud platforms
Although cyber-attacks are commonly seen as a risk, the perception of how severe this risk is sometimes differs. According to WEF’s Global Risks Perception Survey (GRPS) respondents, cybersecurity issues represent short- and medium-term threats, but are also considered less important in the long term and none of them appear among the most potentially serious risks. In the Allianz report, on the other hand, cyber-related incidents ranked as the most important business risk for 2022 and beyond. This discrepancy may be linked to a blind spot in risk perceptions, as the WEF report suggests, and therefore the severity of the risk associated with cybersecurity could be underestimated.
Cyber-attacks also appear to be the most feared cause of business interruption, according to the Allianz report. Many of these attacks are aimed at disrupting supply chains, targeting both technologies and physical infrastructures which rely on digital systems. However, cyber incidents intended as a cause of business interruption are not as well known and understood as other, more traditional sources of disruption, such as natural disasters. As a result, mitigation processes for cyber-related issues are not as well developed – something which is probably a contributing factor in the identification of cyber-attacks as the cause of BI that companies fear the most.
While cyber security represents a common concern everywhere, cyber risks could prove even more serious for some countries. The increased cyber incidents which have been occurring during the current pandemic (e.g. the ransomware attack directed against the Lazio Region in July 2021) have shown that cyber-attacks are a complex problem even for advanced economies. Consequently, cyber-related issues are more difficult to manage for developing economies. As the WEF report points out, governments, businesses and individuals in these countries may have limited financial and technical resources and these may not be enough to ensure the necessary improvements in terms of cyber defences and cyber regulations to prevent or mitigate critical infrastructure breaches and to safeguard data and privacy. This is a factor of digital inequality that could deepen the digital divide, which would, in turn, not only hinder attempts to foster digitalisation all over the world, but also exacerbate the global divide between different countries and hemispheres.
When it comes to businesses, cyber security and cyber risks are also crucial in terms of ESG principles, which are now increasingly being integrated into broader business strategies. According to the Allianz survey respondents, cyber security resilience is the top ESG priority, as a consequence of how numerous and severe cyber-attacks are becoming, as well as because of an increase in data security regulations worldwide. In this regard, the WEF report states that businesses that fail to demonstrate strong corporate governance around cyber security – such as by implementing robust systems, by introducing effective procedures and protocols, and by practicing accountability and transparency in the event of cyber incidents – could suffer reputational damage as well as business interruption. Businesses must build their cyber security resilience and plan for any potential cyber-related incident to avoid backlash from regulators, investors and other stakeholders. For example, a point that currently needs to be addressed is the increased IT vulnerability due to the shift to remote working which has followed the outbreak of the Covid-19 pandemic.
As well as a risk or an ESG priority, cyber security issues can also be a business opportunity for the financial services and information technology sectors. As cybercrimes have multiplied and the cyber threat landscape has evolved over the years, the insurance industry at large has shifted part of its focus to helping clients enhance the quality of their cyber risk management and build their cyber security resilience. At RGI, as a company and as a software vendor leading the digital transformation of the insurance market, we must strengthen our cyber security resilience and act to prevent cyber-attacks targeting both our products and our business. At the same time, however, we must support insurance companies, as risks, including those related to cyber security, represent a business opportunity for them – and for us at RGI as well. As part of the financial services and insurance industry, we also must cooperate with insurers to raise awareness of the role of cyber security and help improve risk perception capabilities. Together with our clients we can contribute to building a stronger cyber security resilience where innovative and robust systems coexist with safety.