By Prabhakaran Pitchandi and Irfan Mohamed

The ongoing pandemic has accelerated digitalization across industries. Organizations that were not looking at digital-first models are now forced to consider them, as it is now a matter of survival. Yet, with rapid digitalization comes the increased risk of cyber threats and the need for adequate insurance coverage. Cyber insurance is a major opportunity for the global insurance industry, given the need for higher capacity to meet the increased demand. For example, revenue from cyber insurance is expected to reach $70 billion by 2030.[1]

While it is a big opportunity, cyber risk is highly dynamic, borderless, and systemic in nature and sophistication compared with other widely covered risks. This would mean significant accumulation of liabilities for insurers given the frequency and impact of attacks. Further, the threat actors are evolving and adapting rapidly as evidenced by a 667% increase in phishing attacks in February and March 2020.[2] 

Cyber Insurance Needs a Comprehensive Rethink

While insurers have been driving “prevention first” as a core theme for some years now, cyber insurance needs greater “protection” focus. However, the broader support currently offered to customers to help them get back on their feet after a cyber loss is reactive.

A cyber loss is undesirable for organizations as well as their insurers. Embracing prevention as a core philosophy is the only way for the industry to transform and make cyber insurance more effective, affordable, and sustainable, especially as a significant number of cyber losses are caused by known methods and vulnerabilities that are largely preventable.

This underscores the need to adopt a concerted approach to continually understand evolving cyber risks while considering the additional risk introduced by organizations’ supply chains. Further, the diversity in organizational size and lack of IT sophistication in the small and medium business segment requires further attention to effectively understand risk and price it appropriately.

At the same time, insurers must make it simple for business owners to understand risk and make coverage decisions. Such an understanding is key to managing cyber risk in collaboration with insured parties. This is easier said than done, because there is the angle of commercial viability to be considered. The solution lies in enabling higher levels of automation and operational optimization.

Turning Thoughts into Action

The insurance industry needs to adopt insights-based cyber-risk assessment and management by leveraging the wealth of risk data that can be generated using innovative technologies and models, the data available with the insurer, and external data. This will significantly improve risk assessment, risk selection and pricing of cyber insurance products.

In our view, insurers must adopt an end-to-end solution with the capability to understand and price risk, facilitate continuous monitoring, and proactively prevent risk by offering services to enhance cyber resilience among customers.  In turn, this minimizes the frequency of cyber events. We recommend five key capabilities for insurers to focus on:

• Automated risk assessment and monitoring to predict severity and frequency of cyber events to help underwriters. This includes loss curves and benchmarks for specific customers based on their vulnerabilities.
• Analytics to generate actionable insights from core risk data to benefit risk consultants and/or risk managers — both for the insurer and insured to proactively improve cyber resilience.
• Holistic view of risk, considering the sophistication of attacks we see today. This is done by analyzing cyber risk on a standalone basis, along with the risk introduced by an insured’s partner ecosystem.
• Aggregated views of portfolio-level risk to aid critical decisions around capacity management, capital adequacy, and reinsurance provisions, and to drive targeted mitigation of risks at the portfolio level.
• Loss prevention services to help insured entities move from intent to action and proactively manage and minimize cyber risks.

Transparency and trust are key when it comes to cyber insurance largely because of the lack of comparable propositions available at this juncture. Utilizing customer specific insights as a common language for collaboration and communication can address that. We believe that insurers must embrace an insights-driven approach enabled by these five core capabilities to minimize risk exposure and enable innovative business models to lead in the new normal. Certainly, with combination of focused technology and service play, a great opportunity for CIOs of insurers to expand their business value creation role.

For more information, contact: bfsi.marketing@tcs.com

[1] Prescient and Strategic Intelligence, Cyber Insurance Market to Generate Revenue Worth $70,671.9 Million by 2030, June 2020, Accessed July 2021, https://www.psmarketresearch.com/press-release/cyber-insurance-market

[2] CIODIVE, Coronavirus phishing attacks up 667% since February, research finds, March 2020, Accessed July 2021, https://www.ciodive.com/news/phishing-email-malware-coronavirus/574888/

tcs

Prabhakaran Pitchandi

Prabhakaran Pitchandi is Global Head, Chief Data Officer Strategic Initiative, with the Banking, Financial Services and Insurance (BFSI) business unit at Tata Consultancy Services (TCS). He has over 25 years of experience in the BFSI space. In this role, he works with banks and insurers to derive value from their data assets and investments. He has developed many innovative solutions across cyber insurance, commercial insurance and underwriting, and data quality and data discovery amongst others using technologies like digital twin and machine learning. In his previous roles, he specialised in capital markets and risk management.

tcs

Irfan Mohamed

Irfan Mohamed is Head, Solutions and Innovation, Chief Data Officer Strategic Initiative, with the Banking, Financial Services, and Insurance (BFSI) business unit at Tata Consultancy Services (TCS). In his current role, he leads the development of insights-led cyber insurance offerings to help global insurers, reinsurers and brokers. An avid researcher on the future of insurance and a hands-on leader, Irfan has led thought leadership in technology-driven innovation as well as business, technology, and cultural transformation for TCS customers around the world in a career spanning over 25 years.