BrokerFest 2021: Businesses struggling to keep pace with hardening cyber market

BrokerFest 2021: Businesses are struggling to keep pace with the hardening cyber market, yet this also presents an opportunity in the way that the insurance industry deals with cyber risk said Chris Methven, chief growth officer at cyber risk analytics platform CyberCube.

Speaking about the proliferation of cyber attacks during the cyber conference stream at Insurance Times’ BrokerFest 2021 conference on Monday 11 October, Methven told delegates: “Enterprises are struggling to keep pace to mitigate the controls that keep these attacks from occurring.

“It’s going to be increasingly challenging for primary brokers to find a coverage, or even an equivalent, for clients.”

This challenge is made more difficult by the fact that carriers have been restricting cover, increasing premiums, or implementing sublimits on cyber cover, noted Methven.

Very often, carriers are also issuing more onerous demands in terms of the data they require from brokers too, meaning firms need additional in-house skill sets. ”The most consistent point of concern from our broker clients is a lack of talent out there in the market,” Methven added.

Key ransomware trends

However, “the story of the last couple of years” has been firmly centred around ransomware and how this has escalated across all business sectors.

Methven listed four key trends concerning the next wave of potential attacks. These include:

• Ransomware as a Service: This is a subscription-based model that allows affiliates to use already developed ransomware tools to execute ransomware attacks. Methven said there is a “buoyant and vibrant market on the dark web that holds sophisticated acts for criminal gangs that are providing their intellectual property and services for hire”.
• Data integrity: This refers to the accuracy of data. Methven gave the example of the NHS going digital and the risk of accidentally prescribing someone incorrect medication.
• Artificial intelligence: Methven believes this will aid criminal gangs - for example, the manipulation of voice recognition technology.
• Supply chain: More sophisticated criminal gangs are diverging away from targeting specific businesses and are instead going after single points of failure in a digital supply chain. Methven gave the example of IT development firm Kaseya, which fell victim to a cyber attack on 2 July 2021. Criminals targeted its supply chain by leveraging a vulnerability found in the firm’s software.

Needle in a haystack challenge

Methven added: “There remains a need to educate buyers on the benefit of broad cyber insurance coverage. There are still a number of organisations that are relying on a general liability policy. We think there is an increasing need to educate clients in an informed way on the relative benefits and standards of a cyber policy.”

For Methven, brokers need to adapt to the risks posed by cyber attacks by surrounding themselves with a team of experts.

“Due to the changing nature of cyber as a peril, to stay current on the landscape it’s causing brokers to rely on third party organisations like ours and others - probably more so than in other lines of insurance, to be able to properly inform clients.”

Methven added that ”finding the right data sets is a ‘needle in a haystack’ challenge” when it comes to helping clients benchmark their businesses around cyber security. “This is extremely hard to get right - the volumes in data required are huge,” he said.

The challenge is further increased here as many brokers are still reliant on cyber risk tools that are not designed for the insurance industry, which can make it harder to properly quantify cyber risks.

CyberCube aims to assist brokers with this by providing a suite of services, such as its Software as a Service applications. It also allows clients to see how the coverage they are buying for their business benchmarks against other peer group organisations.