قالب وردپرس درنا توس
Home / Insurance / Cost of cyber exposure: A wider look A Lloyd's emerging risk report 2017

Cost of cyber exposure: A wider look A Lloyd's emerging risk report 2017



Last month's record summarized key facts from the newly emerging risk report published by Lloyd's of London and the risk modeling company Cyence, which highlights several key conclusions on cyber risk and the Internet insurance market more generally. In this post, we take a closer look at some of the more significant issues with cybersecurity discussed in the report, a full copy of which is here.

first The Difficulty of Days Challenges

All companies face great risk from attacks using "zero day" vulnerabilities. As Lloyd's report explains, zero-day vulnerabilities are "a particularly serious part of vulnerabilities unknown to a software vendor or information security society" where "zero" refers to how long the cyber security community has been aware of the vulnerability of pasting it. The zero day exploits, which often occurs and ̵

1; as the name suggests – without warning, constitutes a "delicate balancing act" where disclosure of exploit helps users correct the problem, but also warns poor players of the relatively unknown weakness. [19659004] While the vulnerabilities leading to this risk are largely excluded by consumer control, the vulnerability (or significant delay of patching) in an already poor situation is not deteriorating. Given the size of the potential exposure to the industry estimated in Lloyd's report (varying anywhere from $ 4.6 billion to a "large" cloud service disruption to $ 53.1 billion for an "extreme" event), policyholders should not Be surprised to see insurance products that exclude coverage for so-called "mass vulnerability" attacks. In fact, many products already exclude such coverage. In addition, policyholders may face increased efforts to deny coverage based on policyholder representation in insurance applications for the time when companies attempt to cope with identified vulnerabilities.

It is unlikely that days of vulnerability will subside at any time, so policyholders should evaluate whether their coverage is adequate in the event of a "mass vulnerability" attack, and be vigilant to proactively monitor and respond to future zero-day operations.

2. Significant coverage deficiencies associated with global cyber events

Lloyd's report also highlights a significant gap in various hypothetical scenarios, including with regard to coverage for quota interruptions ( CBI) at a cloud service attack.

As discussed in the report, cyber policy generally includes some form of disruption to business interruptions to respond when cyber events interfere with a company's digital business. However, cyber policy varies greatly with regard to whether there is coverage for the CBI (ie coverage for policyholders lost profits and additional costs caused by disruptions in a vendor or customer's business). Some cyber policies completely exclude the CBI while others are policies for CBI losses.

However, CBI losses are particularly important in the cyber context because a large-scale disruption caused by a cyber attack by a major cloud service provider or similar provider could have significant repercussions in many industries worldwide relying on uninterrupted service. Lloyd's report presents a strong picture in analyzing potential coverage for such risks, estimating a potential "gap" of $ 4 billion (for a large loss) and $ 45 billion (for extreme losses) following a significant disruption to the cloud service. Estimated in various ways, the report estimates that only 12% to 17% of expected losses are covered when taking into account large losses and extreme loss scenarios, compared to 30% for the world's ten most costly natural disasters. Policyholders should be aware of this important issue when assessing whether their cyber coverage is adequate.

3. Importance of risk modeling and current barriers on Cyber ​​Market

Lloyd's report concludes that not enough policyholders supplement risk modeling. This means that policyholders lack adequate information about potential exposures, how to manage these risks and the extent of long-term exposure in connection with these risks. As policyholders do not have the information, insurers who are a current obstacle do not insure the market.

Policyholders should work with their critical staff, including accounts payable and IT staff, to predict common and worst cases of cybercrime scenarios, and test these scenarios against existing risk management protocols. Such information will not only improve cybersecurity, but will also help policyholders identify new or expanded covers that may be needed to handle exposures identified during testing. When insurance consumers are better educated about their needs, the insurance market is better at providing envelopes that really respond to corporate daily reality during cyber attack.


Source link