Insurers could really slip up over cybersecurity risks

2 Jun 201743 Shares

Share on FacebookTweet about this on TwitterShare on LinkedInShare on Google+Pin on PinterestShare on RedditEmail this to someone

Image: Levent Konuk/Shutterstock

Share on FacebookTweet about this on TwitterShare on LinkedInShare on Google+Pin on PinterestShare on RedditEmail this to someone

Despite WannaCry, insurers are less prepared to handle cybersecurity risks compared with two years ago.

Cyber risk is the top concern for Irish insurers and is likely to remain high on the agenda given the recent WannaCry ransomware attacks, a new PwC Insurance Banana Skins report reveals.

Global change management, followed by cyber risk, were cited as major worries while locally, cyber risk and macroeconomy issues were the top concerns, according to the survey of 836 insurance practitioners worldwide.

‘In today’s risk landscape, a company’s degree of readiness to handle a cyber crisis can be a marker of competitive advantage and, ultimately, ensure its survival’
– PAT MORAN

Paraic Joyce, insurance partner at PwC Ireland, said he wasn’t surprised that cyber risk topped the list.

However, he added: “At the same time, it is concerning that the survey suggests that Irish insurers are less prepared to handle the risks compared to two years ago.”

Scarily professional cyberattacks

Some Irish respondents noted that they are getting attacked daily “with most attackers being amateur but some being scarily professional”.

Cybercrime is also an area of opportunity for insurers in the medium to long term, as the underwriting data becomes available.

“We expect more cyberattacks and, as insurers hold so much personal data and operate with legacy infrastructure, this is of particular concern,” said Pat Moran, PwC cyber leader.

“In today’s risk landscape, a company’s degree of readiness to handle a cyber crisis can be a marker of competitive advantage and, ultimately, ensure its survival.

“All organisations should ensure they have protected themselves in the following key areas: robust digital hygiene, ability to detect intrusive behaviour, thoughtful design of IT infrastructure, advance planning and rehearsal; including simulating an attack and early adoption of cloud technology.”

Editor John Kennedy is an award-winning technology journalist.

editorial@siliconrepublic.com