Cyber Blog Series – Part One
A UK government report published last week highlighted how many firms are failing to protect themselves against cyber-attacks, which are increasing massively in terms of size and frequency. The research also outlines a number of areas where business and IT strategies are either not properly aligned in their approach to cyber protection, or are completely unaware of their actual level of protection.
Russell Group has for some time been writing about the potential for the cyber threat to cut across all specialty classes and wreak havoc upon the balance sheets of the direct players and reinsurance community alike. Even we were surprised to learn, however, that 81% of large businesses and 60% of small businesses suffered a security breach in 2014.
That was according to a separate government report and as more businesses – and insurers increasingly – ramp up their digital distribution channels and marketing platforms to increase revenues, this will come to be seen increasingly as a board-level issue that senior executives need to get to grips with.
A major security breach at a large company costs between £600,000 and £1.5 million to address, according to estimates while for SMEs the costs vary between £65,000 and £115,000.
In response and upon the launch of the report, Francis Maude, Minister for the Cabinet Office and Paymaster General, said:
“It is part of this government’s long-term economic plan to make the UK one of the safest places in the world to do business online. The UK’s insurance market is world renowned and we want it to be the same in relation to cyber risks. The market has extensive knowledge and experience of more established risks to help businesses manage and mitigate relatively new cyber risks.
“Insurance is not a substitute for good cyber security but is an important addition to a company’s overall risk management. Insurers can help guide and incentivise significant improvements in cyber security practice across industry by asking the right questions of their customers on how they handle cyber threats.”
This is surely an important point. Companies can have all the software and security controls in the world but a rogue laptop can undo the best laid plans of the most competent IT teams. More importantly, as the first report says, many companies are unaware of their levels of protection and crucially their lossexposures.
Shipping, for example, is a sector in which owners are waking up to the fact that their assets are vulnerable. A new report penned by Allianz Global Corporate and Specialty Safety and Shipping Review 2015 says that cyber risks are a growing concern in the shipping sector, while the growth of mega ships meant potential losses exceeded $1bn (£670m).
AGCS says that more than 90% of global trade is estimated to be carried by sea, which means that “much is at stake, with an increasing number of potential loss scenarios”. Such scenarios included cyber criminals targeting a major port, closing terminals, or interfering with containers or confidential data.
Captain Rahul Khanna, global head of marine risk consulting at AGCS, said: “Cyber risk may be in its infancy in the sector today, but ships and ports could become enticing targets for hackers in future. Companies must simulate potential scenarios and identify appropriate mitigation strategies.”
Data and analytics providers can play their part by integrating hull and cargo risks and losses - capturing the marine portfolio - and exploring relationships between portfolio and underlying hull and cargo risks.
As the cyber threat increases, can we price a marine portfolio programme and calculate gross and net portfolio exposure at a loss level by operator? Yes we can. Can we calculate gross and net portfolio exposure to a set of actual or simulated losses? Again, yes we can. It is now becoming possible for specialty class analytics providers to optimise a line writing strategy for a marine portfolio.
More importantly at Russell Group we believe it should be possible to calculate return on equity and return on capital for a marine portfolio if the right data set is provided.
For Marine Underwriters, ALPS Marine enables effective knowledge of underwriting exposure, capital utilization and portfolio return on equity. For Marine Brokers ALPS reduces the time and cost of producing marine client analytics whilst improving accuracy. For Capital Providers and Regulators ALPS enables marine practitioners to demonstrate that they are fully aware of exposure commitments and of the potential consequences of risk decisions, including cyber.
ALPS enables effective knowledge of underwriting exposure, capital utilization and portfolio return on equity.
For Energy Brokers
ALPS reduces the time and cost of producing energy client analytics whilst improving accuracy.