Cyber risk growing, but resilience is building

The potential costs of cyber-attacks are escalating rapidly, but mitigation measures are increasingly coming into force, according to Swiss Re’s latest sigma report.

The report, ‘Cyber: getting to grips with a complex risk’, said cyber risk is a growing concern for businesses, with recent attacks demonstrating how the costs of a cyber breach can escalate.

It also warned that businesses need to do much more to integrate cyber security into their risk management programmes, but initiatives to boost cyber resilience are underway.

“A dedicated cyber insurance market is developing, and an increasing number of insurers are looking to write more business in this specialty line,” said Swiss Re chief economist Kurt Karl.

“Firms – large and small – need to invest more in cyber security architecture to develop robust pre-and post-loss risk management capabilities.”

Product and process innovation in insurance and other risk transfer mechanisms will a vital role in tackling cyber risk.

Swiss Re used the example that various risk analytics vendors have built data schema that provide firms with a standardised approach to identify, quantify and report cyber exposure to insurers.

Dedicated cyber insurance typically provides core protection against data and network security breaches and associated losses, with capacity limits in the market today ranging from about $5m to $100m.

But the report said that despite the development of the cyber insurance market, some cyber risks, especially those related to extreme catastrophic loss events, might be uninsurable.

For such risks, there may be a case for a government-sponsored back-stop.

The report stated that the increasing scope and magnitude of potential costs associated with cyber-incidents reflects a shifting cyber risk landscape, which is being shaped by three main dynamics:

• The growing speed and scope of digital transformation;
• The widening sources of vulnerability from hyper-connectivity, with the rapid spread of, for example, internet-enabled devices and cloud computing; and
• The growing sophistication of hackers alert to the potential economic gains from successful cyber-attacks.

The report added that despite increased awareness of the dangers, firms are still generally ill-prepared to cope with cyber risks and relatively few firms have integrated cyber security into their mainstream risk management.