Cyber Complexity Demands Structured Approach

A leading London market expert has cautioned the industry can only fully meet the ever changing threat posed by cyber risk if it can deliver a structured approach to data and its analysis.

Head of Cyber at Occam Underwriting, Dan Carr, told that the industry is facing a number of issues in its approach to cyber cover.

“I believe that cyber risk is most complex risk that the industry has ever faced due to the sheer breadth of the threat involved,” he explained. “We are also at a point where while there are models available the environment has changed so dramatically in the past five years the ability to use models is difficult.”

He added that given cyber has only been an issue for the industry for 25 years there was still a lack of expertise and across business those who do have a knowledge base are in high demand with insurers competing with customers and governments for that talent.

“Clients do have the expertise to manage the risk and look to the industry for support,” he added. “However, there is not a large amount of talent available and the chances of that talent coming into the industry is therefore limited.”

Mr Carr started his career in cyber security before joining the insurance industry in 2015.

“Having been on both sides of the discussion I can say that often the underwriter and the security consultant will be speaking a different language and that can prove a barrier on occasion.”

In terms of the models it is the speed of change that is hampering their effectiveness.

“In many respects a tornado is a tornado, and a hurricane can be tracked using historic data,” he explained. “In cyber all too often the malware attack is a brand new occurrence and will not target or react in a similar way to those that have gone before.”

However, Mr Carr said the industry could tackle steps to look at the way they approach the risks and how they can be modelled.

“While in the past it has been data breach that has been the major concern, the growing reliance on technology means that any attack or disruption will more than likely lead to business interruption.

“As underwriters we have to have the expertise to understand the future for potential disruption and all too often that does not come with a model.

“We need to create greater standards the for the collection and delivery of data in terms of cyber risk. We cannot operate if there are 15 different names for ransomware.

“If we can create standards for the type of data collected and how that is delivered, while it will not provide insight it will provide structure for the market.”