IoT leads to rise in cyber risks, says Aon’s Stephanie Snyder

28 Oct 2016

Cyber risk is evolving as every business becomes digital. Image: Luke Maxwell

Cyber risk is evolving at an astonishing pace, driven by the digital transformation of traditional companies into tech companies and the explosion of internet of things devices, warns Aon’s Stephanie Snyder.

Snyder, senior vice president and national sales leader at Aon Professional Risk Solutions, was speaking at the occasion of the launch of Aon Cyber Enterprise Solution. This is a first-of-its-kind property/casualty and internet of things (IoT) insurance policy that offers comprehensive and integrated enterprise-wide coverage against cyber risk.

Snyder said that there are varying levels of sophistication when it comes to preparation of any type of security breach.

“It varies very much within industries and in between industries, there’s a lot of companies that are really taking a good hard look at cybersecurity protocols and cybersecurity hygiene.”

Digital transformation is exposing cyber risk

But the digital transformation of traditional companies into technology companies is increasing exposure.

“Risk is evolving, very quickly. We have so much going on with IoT, and organisations that have been in one industry and are evolving into another industry. Farming companies are buying satellite imaging companies. What company isn’t a technology company in 2016?”

Snyder believes some industries are better prepared for cyber risks than others.

“I think some industries are more mindful that they have exposure. When you talk about US companies in particular, there’s a lot of regulation around privacy, so those industries that have a lot of private information on individuals such as retailers, financial institutions [and] hospitality tend to be mindful of the regulations, and are therefore better prepared or are buying cyber insurance already.

“Outside of those information holder industries, a lot of companies are just starting to think about their own cyber risk and how their exposures are evolving and how they prepared.”

Snyder says businesses have their work cut out for them.

“There’s a lot of preparation that goes into preparing staff. We know that about 40pc of breaches are by employees. Some are negligence, some are malicious, but all it takes is an employee who is not properly trained to click on the wrong link and, all of a sudden, the network is compromised.

“A lot of organisations are taking a good hard look at their employees and making sure their employees are appropriately trained so they don’t click on that link in an email.”

The cyber risk is evolving

Snyder says the risk is evolving constantly. “One of the things we are focusing on at Aon is how the risk is moving from the intangible world to the tangible world.

“So the potential for a breach of network security could result in physical damage to an organisation; let’s say malware gets on to operational technology and as a result, there is some type of explosion resulting in physical property damage.

“Also, when you think of the IoT, you have these devices that are connected to the internet.

“That allows hackers to have the opportunity to potentially get into those devices to put on IoT malware and could cause implications from a bodily injury standpoint.

“So really, the risk is evolving outside of the intangible and there are a lot of different insurance policies that could potentially be impacted by a cybersecurity breach,” Snyder warned.

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years

editorial@siliconrepublic.com