Zywave’s annual Cyber Risk Insights Conference is a core event on the cyber calendar. The conference brings together risk managers, cyber insurers, reinsurers, brokers, MGAs, and other cyber risk professionals to discuss the global perspective on cyber threats, regulation, insurance market conditions, and risk quantification.
2023 featured a keynote from Joshua Motta, CEO & Co-Founder of Coalition, sixteen sessions exploring the key cyber issues, and more than two hundred companies in the room to share ideas and strategies in the ever-evolving cyber industry.
Here are five essential takeaways from the event:
1. The cyber industry needs more education – Despite the rising frequency of cyber-attacks, especially ransomware, many businesses do not understand why cyber insurance is necessary. They often view it as another cost, and in the current economy when cost-cutting is a priority, additional costs are something they are looking to avoid.
This is why education is essential. Decision makers need to understand the benefits of having a cyber policy and the risks of not having one. Many organizations only think of the direct costs of dealing with a cyber-attack. They consider immediate expenses related to data recovery, system restoration, and legal fees but often fail to consider or even be aware of indirect costs such as business interruption, loss of revenue, and damage to their reputation.
This is where an advisor can step in and educate business on the complexities of cyber threats and help them to have a better understanding of the value that cyber insurance brings.
2. Cyber-crime is human crime – When cyber-attacks are carried out in the digital world, it’s easy to forget that there’s a human behind the crime. Human decisions and motivations drive cyber-attacks, and it’s essential to understand that human element in order to build a solid defense. Human threat actors will find creative new ways to carry out cyber-attacks, and defenses need to be equally creative to get ahead of the threat.
It’s this adaptability that has led to the constant evolution of cyber-crime, and it’s why organizations need to harness the collective power of their employees to become the first line of defense against attacks. Cyber defenses must be designed with humans in mind and recognize that both defenders and adversaries are guided by human behaviors and motivations.
3. Cyber insurance needs to become more proactive and less reactionary – Measures are taken to reduce risk to physical assets, and the cyber industry needs to find more ways to prevent losses instead of reacting after a loss has occurred. Investing in data solutions and strategizing creative defenses is key, as is understanding the human element of threat actors.
The costs of a cyber-attack are alarming. According to IBM’s 2023 Cost of a Data Breach, the global average financial impact in 2023 was $4.45 million. This is a 15% increase over three years, and it’s expected to keep growing.
Companies that invest in security measures, however, have averaged savings of $1.76 million. And although cyber insurance premiums have increased over the past ten consecutive quarters, this is due to frequency of claims rather than severity. This is due to organizations implementing more controls to reduce the impact of attacks.
4. More data is needed to quantify risk – The more data that can be gathered from observing the behavior of threat actors, the more action can be taken to prevent attacks from occurring. Data can also be used to build profiles for organizations so they can better understand their risk and modify risky behaviors. Future insurance companies will be technology companies as they manage and interpret this data.
Predictive analytics are key and involve leveraging historical and real-time data to assess potential cyber-attacks and vulnerabilities. Armed with intelligence from predictive analytics, businesses can tailor their defenses to match specific patterns and trends identified by the data.
5. Evolution is constant – No strategy is foolproof or lasts forever. As technology continues to change and become a bigger part of lives and business, threats will also evolve. How insurance prepares for and responds to those threats needs to remain adaptable and forward thinking.
Jeff Cohen, Senior Vice President at Zywave, opened the conference by stating, “The old ways of insurance no longer apply.” This is something vital to keep in mind as the digital transformation continues to disrupt the industry. Flexibility and adaptability will continue to be essential elements in the ongoing evolution of cyber insurance.
Keeping up with all the dynamic changes in cyber may seem like a daunting task. That’s why Zywave organizes the acclaimed Cyber Risk Insights Conference series every year. Learn more about the conference and explore past sessions and speakers.