Cyber Risk – No. 1 with a bullet!

Each year there are a few industry publications which I look forward to being published and relish the opportunity to poor over their contents to which provide significant insights to the current state of the insurance industry in Australia and globally. The imaginatively though aptly named 'Banana Skins' Report published by PwC and the Centre for the Study of Financial Innovation (PwC Report) is one such publication.

The most notable features of the 2015 publication are the identification by Australian insurers of technology risks as the greatest current risks facing the insurance industry. Indeed, the report notes that concerns around technology dominated the upper levels of the 2015 risk table with cyber risk; distribution channels; change management; and product development all ranked all sitting among the top seven risks.

Australian insurers are not alone. Cyber risk rated No.1 in the survey in North America, Africa and the UK. By sector, Cyber risk came in globally at No. 1 for the non-life sector.

Primarily, the risk is viewed from the perspective of the potential vulnerability of insurers' own systems. The CFO of one non-life company in Australia is quoted in the PwC Report a stating that cyber risk was “a major threat. We repel more than 20 serious attacks every day. Half of these we suspect are state-sponsored attacks”.

At stake is the significant ongoing costs of additional security to protect against such attack which, if successful, would result in service disruptions, the loss of commercial sensitive information about the company, loss of customers' personal information and the potential for third party claims or regulatory action. As is often the case in this area the loss of reputation is a significant factor.

Then, of course, there is the risk from insurers as underwriters of cyber risks. The PwC Report quotes a New Zealand consultant as stating  “Cyber insurance is such an unknown and many insurers may be opening themselves up to potentially horrific losses”. The underwriting risk relates to both the cover being provided by stand-alone cyber-risk policies (as with any emerging risk there are concerns as to whether insurers are rating the risk correctly) as well as the potential for other policy types to allow a degree of cyber cover (whether deliberately or by oversight).

I recommend the PwC Report for its insight into the thoughts (and fears) of the leaders of the industry.

To access the PwC Report click here