Insurers need to create a smart balance between corporate opportunity and cyber security risks.
More than three quarters of insurance CEOs see cyber security as more of an opportunity than a threat. The obvious opportunity, cyber insurance, is becoming a booming business for many insurers with steadily climbing revenues. Similarly, insurers are exploring how they can extend their capabilities into emerging areas such as protecting the connected home, automated vehicles and personal information.
Besides creating new revenue streams, cyber security is critical to remaining existing ones. Indeed, many insurers are digitizing their enterprise and creating new front-end platforms to get closer to their customers - that requires a keen focus on delivering really strong cyber security. If you can't offer your customer a secure digital experience, you probably won't keep your customers.
It is somewhat worrying that, according to KPMG's recent survey of insurance CEOs, 57 percent of insurers are only `somewhat' prepared for a cyber event. Only 26 percent said cyber security is one of their `top of mind' risks, and just 28 percent will `significantly increase' investment into cyber security in the next three years.
Yet based on my conversations with leading insurance CEOs, many has already had an unexpected wakeup call - some have suffered their own breaches, some have learned from the negative experience of others and want to avoid a similar fate. Most recognize that, if they don't improve on their own, the regulators will do it for them.
There is no denying that many traditional insurers that come from a classic paper-based business model face an uphill battle when it comes to cyber security. They are working in difficult IT environment, often with legacy mainframe and systems. Nonetheless, they know it will take significant work to remediate their past issues, and even more work to create the right long-term programs to properly protect their business from the ever-evolving and growth risk. Many are now starting to make significant progress on their journey to cyber readiness.
My work with leading insurance organizations suggests that there are a number of actions that insurers should be taking if they hope to survive and thrive in the new environment:
There are no quick fixes or silver bullets to becoming cyber defensible. The journey will take time, resources and patience, and it will require boards and executives to have awareness to be able to challenge the decisions made by the business, and it will require the business to be in the 'lead'.
We must also remember that the opportunities created through a strong cyber position and robust controls are massive and vital to future growth.
I believe that the most successful organizations going forward will be the ones that are able to create a smart balance between corporate opportunity and operational risk; to protect their reputations and grow their business and to build trust with clients and regulators - they will be the ones that are best positioned to seize new market opportunities.
Feel free to contact me or your local advisor if you want to discuss how we can help assess your approach to cyber security and find the right balance for your organization moving forward.