How to Convey Cyber Risk to Senior Management
Cyber insurance is still considered to be in its fledgling stages, and yet cyberattacks have been ranked among the top global risks in each of the recent World Economic Forum (WEF) Reports. The latest 2020 report went as far as to name it ‘the second most concerning risk for doing business globally over the next 10 years.’
According to a government survey, on average, SMEs will fall victim to four cybercrimes in every two-year cycle, and yet, under three in ten (27%) businesses have a cyber-security policy in place. With these statistics in mind, it would be intelligent to conclude that cyberattacks are in fact a more common risk factor than the more traditional losses a business might insure against (flood, fire, accidental damage, etc.).
A cyberattack can compromise a business in a variety of ways and presenting these scenarios to CISOs is a fundamental factor in their engagement.
Operational – IT system failure leading to a loss of service, manufacturing capacity, files, and networks
Financial – The loss of revenue and funds; increased costs
Reputation – The damage to brand image and public relations
Vigilance is key in this growing digital age, and with these losses in mind, moving onto the initiation of analytical tools to determine risk would be the next step. By using analysis tools, a solution is provided which is applicable to the insured’s unique business needs, evaluating the true and individual risk factors, quantifying their financial exposure. Armed with the right information, brokers can gauge accurate underwriting indicators to assess cyber exposure and incorporate needed insurance cover at the best price for their clients.
"Brokers need to have a good understanding of the cyber risks before they can even start assessing if the various policies provide adequate cover for those risks. Cyber insurance is a complex area, with many different policy wordings and covers available. Any help in demystifying the risk and cover analysis will help brokers sell cyber insurance - and, most importantly, give their clients confidence in the recommended solutions" - Diane Jenkins, ACII, Chartered Insurance Broker
STORM’s CYBER3 assessment service allows brokers to develop an extensive cyber risk management and insurance plan created to identify their client’s precise needs, desires and to an appropriate budget. Designed to give an in-depth understanding of cyber risk management maturity, CYBER3 has also been developed in a jargon-less language so that risk indicators are demonstrated in an insurance policy context.
It can feel an impossible task for brokers to help their clients manage the ever-evolving and increasing risks associated with business information and IT.
The CYBER3 rapid risk review process delivers results to brokers and the insureds in a clear and understandable way. With a shortage of security professionals in many SMEs, responsibility is often assigned to a risk oversight committee. Often, we’ll see that for executives, non-technical and technical specialists alike, results and reports will need to be conveyed in a non-technical manner. CYBER3 delivers results in 5-point scores over five key areas of cyber risk management maturity:
People: staffing, roles, capability, and skills
Process: governance, policy, and procedures
Technology: security systems and IT strategy
Data Asset Awareness: categorisation and amounts
Vendor Management: oversight, risk, and liability
With an integrated vulnerability assessment and a range of checks on the client’s internet presence, the tool allows for an ‘attackers-eye view’, which further clarifies risk from possibly the most prominent perspective.
STORM|Guidance will be hosting a ‘Demystifying Cyber Risk for Your Clients’ webinar, led by our very own Cyber Jedi, Neil Hare-Brown, Founder of STORM and an information security expert of 30 years, together with Diane Jenkins, Cyber Insurance & Training Specialist and Nick Prescot, Senior Associate, and Cyber Security expert. They will give an in-depth insight into the CYBER3 and Cyber|Decider tools to help brokers and insurers analyse cyber risk and insurance.
Exploring the CYBER3: Rapid Risk Review service, which offers a thorough review and accurate results delivered in a clear and understandable way, the service assists clients with practical, yet empathetic advice, ensuring that losses from breaches are minimalised.
Also delving into STORM’s cyber policy comparison tool - Cyber|Decider, Diane will go into the comparison of policies and how brokers can benefit. By providing a fast, secure, and user-friendly online analysis, brokers will find the most appropriate insurance policy for their clients.
For updates on the webinar and to find out more about what is happening at STORM|Guidance, sign up to our monthly newsletter here.