" class="no-js "lang="en-US"> EXCLUSIVE: Cyber Insurance - More than meets the Crime - Fintech Finance
Thursday, March 28, 2024

EXCLUSIVE: Cyber Insurance – More than meets the Crime

– Aniqah Majid, Fintech Finance

In 2021, the French legacy insurer AXA was hit by a ransomware attack where allegedly three terabytes worth of personal data was stolen. To put this into perspective of how many bytes that is, that’s 100,000x as many bricks there are in the Great Wall of China. The Avaddon ransomware group were the masterminds behind the attack, and AXA did not disclose the ransom amount, nor whether they were going to pay it.

“The word to get out today is that, regarding ransomware, we don’t pay and we won’t pay,” said Cybercrime Prosecutor Johanna Brousse to cybersecurity officials at a Senate roundtable in Paris, of which AXA have heavily altered their policies.

The network of cybercrime is a vast one, it’s web wired with data breaches, ransomware, and phishing scams. All of them feed off the same sentiment: personal data is valuable, and there are people out there who will pay good money for yours. 

Cyber Insurance is more in-demand now than it ever was. Vantage Market Research’s recent report found that the global cyber insurance market will be worth $28.4 billion by 2028, its Compound Annual Growth Rate reaching 24.9%. The upsurge brings with it a steep increase in cyber insurance premiums. Marsh’s Global Insurance Market Index reported the overall price rising by 13%, 130% in the US and 92% in the UK. With the pandemic and the sharp turn toward remote working, cybersecurity is becoming a more pronounced issue in people’s consciousness. 

Cybercrime itself has been around for a long time, the first instance recorded as far back as 1834 with a pair of hackers who sent secret messages about the Paris Stock Market to Bordeau through Government messages using France’s first optical telegraph system. They essentially ‘hacked’ a government system to steal financial information for personal gain. 

Cyber insurance germinated out of the mid 1990s as supplementary add-ons to existing liability coverage for companies which made up the then nubile tech sector. 

In the age of Web 2.0, and more recently Web3, the threat of cybercrime has never been more pronounced for business. Insurance companies are no exception.

The insurance industry is a unique target for cybercriminals as it deals predominantly in personal customer data, from passport photos, to credit history. In their Global Cyber Executive Briefing, Deloitte investigated the cyberattacks hailed against big financial and insurance companies. There was an instance with a major financial institution, where cybercriminals had stolen personal data from over a million people. This included individuals who were not customers of the company, but who had merely requested a price quote. 

In another case study, the credit card information of over 93,000 customers was stolen from an insurance and finance company catered to seniors. The breach revealed the weak cyber defence put in place by the company as well as their slow handling of the attack, not alerting customers until weeks after. 

The rate of an average data breach rose to $4.2 million in 2021, with the largest sectors hit being healthcare and financial services according to IBM’s Cost of a Data Breach report. 

“It used to be the case that heritage was the most important marker of trust for an insurer. Today, it’s how effective and sustainable its data security is,” said Deborah Stafford-Watson, Head of UK Provocation and Strategy at the brand consultancy firm, Elmwood. A US study conducted by Security.org found that respondents’ trust in a company which has experienced a data breach would decrease by 67%. “Having the right security in place doesn’t only reduce risk of breach and the associated financial hit, it can also be a compelling brand message for consumers,” said Stafford-Watson. 

Such a message has become dire due to the practices of remote working and digital customer onboarding, the environment providing a perfect hunting ground for cybercriminals. At the height of the pandemic, the IT Governance Blog tallied 267,277,828 breached records in September of 2020, a staggering increase from the months prior. Now, cybercrime is up 600% due to the effects of COVID, according to Purplesec’s Cyber Trends report. 

With ransomware attacks and data breaches becoming more sophisticated and common by the day, insurtechs are clambering to find ways to keep one step ahead of attackers. 

“I think this shift from post-loss services to pre-loss services is dramatically increasing,” said Oliver Brew, the Head of Client Success at risk analytics insurtech, CyberCube. “That is helping both the client base because they can understand the threats closer to real-time, and also the carriers because it means they have better visibility on the potential for systemic risk and the way they can manage their capital as a result.” 

CyberCube has a range of products and solutions for re/insurers and brokers alike, providing analytic and demo tools for companies to safeguard and stress test against different types of risk. Recently, they’ve partnered with SaaS provider Duck Creek Technologies to develop a hybrid product to help insurers streamline the underwriting process for cyber insurance. CyberCube’s risk scoring API will be integrated into the Duck Creek Policy underwriting platform, meaning that risk identified by the platform will be automatically scanned for cyber vulnerabilities which can be reviewed. 

A similar company, Kovrr, contextualises cyber risk against financial impact, using their Cyber Risk Quantification (CRQ) platform. Companies are put through an obstacle course of hurdles, testing the reliability of cybersecurity defences and allowing access to third-party risk exposure. All this to exact financial bounty on data, so companies are aware of its potential worth.

This pre-emptive approach to cybercrime better prepares insurers for attacks because it challenges criminals at their own game. Creating a controlled environment where companies are made aware of the array of risks and get to test their systems against them does more to educate those in the insurance industry on the fight they’re up against. 

Looking at the 2021 research report from Check Point, the insurance and legal sectors were hit by around 636 cyber attacks per week last year, a 68% increase from 2020. 

The frequency of attacks shows that cybersecurity must be a constant priority for insurers, both with in-house operations and in providing cyber insurance to businesses. Using more pre-loss services and education tools will benefit the insurance industry in the long run as it will remedy inadequate cybersecurity platforms currently holding up the fort. 

 

  1. Montonio Welcomes Johan Nord as Chief Revenue Officer Read more
  2. Q2 Expands Executive Leadership Team with Promotion of Katharine Briggs to Chief Product Officer Read more
  3. Global AI Show and Global Blockchain Show Premier in Dubai Read more
  4. Santander Names Swati Bhatia Head of Retail Banking and Transformation Read more
  5. Barclays to Become the Official Banking Partner of WNBA’s New York Team Read more