News that a potential loss to the insurance industry from a global cyber-attack could be as high as $53bn has underlined the importance of managing incident response, Crawford said today.
Paul Handy, Global Head of Cyber Risks, Crawford & Company, says in today’s ‘always on’ world, insurance claims management has to respond instantly to threats against intangible assets like brand and reputation, and limit potential consequential losses caused by IT downtime.
“Indemnity, while still important, is often a secondary consideration,” says Paul.
“Crisis response-led insurance products are favoured by corporates on a frequent basis as they seek to prepare for and recover their businesses quickly after a cyber-attack.
“Indemnification is still an essential component of any cyber insurance program, but when the immediate threat is kidnapping IT systems for ransom – as organisations experienced after the WannaCry attack in May 2017 – our cyber incident response teams will align and focus on urgent and business critical needs including the provision of technical IT support, regulatory and/or legal advice, internal and external communication protocols and reputation/crisis management.”
There are few insurance markets where the risk profile has evolved in such a ‘real time’ way as cyber, adds Paul.
“The insurance industry and claims businesses like Crawford are expert at organisation of labour during a crisis.
“Being the first responder after a major incident is giving us a unique insight into the experiences of businesses as they respond to hacks, breaches and ransom demands. We are feeding this information back to corporates and underwriters in order to build a more coherent risk profile and claims history.”
The key message for insurers is that client demand is accelerating, says Paul. “Crawford has provided cyber incident response support to businesses in every corner of the world. No single event is the same but clients have one thing in common; as they commit more resources to cyber insurance, they demand the reassurance that only experienced incident responders can provide.”