More standalone cyber risk insurance covers are being bought as cyber becomes acknowledged as an ERM concern, reports our sister publication, StrategicRISK.

Cyber risk is increasingly the domain of the chief risk officer (CRO), according to a report from Stroz Friedberg, the cyber risk security consultancy bought by Aon in 2016.

More firms are taking out standalone insurance policies to protect against the results of cyber-attacks, rather than relying on existing property or liability covers, according to Aon.

Companies are planning major enterprise-wide changes to address cyber risk, according to the broker and risk advisor’s report, entitled 2018 Predictions: Trends in Cybersecurity.

“As sophisticated cyber-attacks generate real-world consequences that impact business operations at increasing scale, C-suites will wake up to the enterprise nature of cyber risk,” said the report.

“In 2018, expect CROs to have a seat at the cyber table,” the report continued, predicting closer work between the head of the risk function and the chief information security officer, to help their organisations “understand the holistic impact of cyber risk on the business”.

Regulatory pressure comes in the shape of the EU’s General Data Protection Regulation (GDPR), while a profusion of data breaches and distributed denial-of-service (DDoS) attacks in 2017 has demonstrated vulnerabilities, on top of the need for compliance with watchdogs’ new rules.

Jason Hogg, CEO, Aon Cyber Solutions, commented: “In 2017, cyber attackers created havoc through a range of levers, from phishing attacks that influenced political campaigns to ransomware cryptoworms that infiltrated operating systems on a global scale.”

Networking of more devices across businesses has increased the scale of the threat, as networks potentially become only as strong as their weakest link, Hogg suggested.

“With the growth of Internet of Things (IoT), we have also witnessed a proliferation of DDoS attacks on IoT devices, crippling the device’s functionality,” Hogg added.

Highlights of the predictions report included: more standalone cyber insurance being bought; CROs taking centre stage in managing cyber risks; an increasingly complex regulatory burden; criminals looking to target the IoT; increased need for multifactor authentication; criminals targeting transactions that use reward points as currency; an evolution of ransomware tactics; and the struggle to mitigate insider risks, particularly through training.

“In 2018, we anticipate heightened cyber exposure due to a convergence of three trends: first, companies’ increasing reliance on technology; second, regulators’ intensified focus on protecting consumer data; and third, the rising value of non-physical assets,” said Hogg.

“Heightened exposure will require an integrated cybersecurity approach to both business culture and risk management frameworks. Leaders must adopt a coordinated, C-suite driven approach to cyber risk management, enabling them to better assess and mitigate risk across all enterprise functions,” he added.