Global Risk Perspectives - Monthly insights on geopolitics, trade & climate
Back to articlesPedro Pinhal
22.02.2022
Cyber Risk — A Priority for Executives & Entrepreneurs
Media attention and much-needed debate around the recent wave of attacks in Portugal have contributed to growing awareness of cyber risk among companies and society at large.
The number of cyber incidents in Portugal and the world has increased exponentially over the past few years. Such a growth trend was cause for concern to begin with, in this increasingly digital world. The threat of cyber-crime looms larger and more menacing by the day. One should mention that Portugal figures among the 30 countries presenting the largest number of cyber-attacks worldwide. Brazil is the 5th leading target for cyber-crime, surpassed only by the United States, United Kingdom, Germany and South Africa.
Although cyber risk has represented a major concern for risk managers and companies for years now, managing this kind of risk does not yet constitute a strategic priority despite its current scale and impact. Cyber insurance is an excellent risk management tool, but companies have yet to make use of it and thus reinforce their safeguard to ensure continuity and sustainability for their business.
Cyber security fundamental to ensuring business continuity
One key obligation for a manager is to guarantee business continuity and safeguard company activities, information and (the company's, as well as customers’) data. At present, this obligation is further complexified by a growing, inescapable reliance on digital tools.
In the pandemic, all organizations faced a trial by fire, as it were. It forced them to respond and adapt. Those who managed it best had previously implemented risk management practices and robust business continuity plans. Once again it became evident — under extreme circumstances at a global scale — that it is of critical importance to business continuity and success that all risk as may impact organizations (including, obviously, cyber risk) be subject to careful analysis and management.
In the early stages it is essential to understand and assess each risk as to its nature and impacts. Secondly, one must advance and implement prevention, response and recovery strategies that will mitigate the likelihood of targeted events ever taking place. Finally, one must minimize the impact of a cyber-security event through insurance, and so safeguard business continuity.
Cyber insurance
Cyber risk management within companies must include risk transfer to the insurance market through cyber insurance, so as to increase resilience and guarantee the continuity of operations and daily affairs. It should be noted that cyber insurance does to replace or exclude safety protocols or effective incident response plans; nor do these make insurance unnecessary or redundant. These measures complement each other. It is now established fact that most incidents stem, for a vast number of reasons and in multiple ways, from human error (for example, the mere loss of a laptop or phone; or the careless downloading of a malicious file attached to a phishing email) and cannot solely be ascribed to issues in infrastructure security.
The world of insurance has kept up with changing needs in the market and evolved to effectively respond to the needs of the insured. It has the necessary capacity to mitigate the economic and operational impact of adverse events in a meaningful way.
An up-to-date, soundly developed insurance solution goes beyond the limits and scope of traditional policies, offering integrated services and coverage. It includes services to prevent and monitor attacks, quick response to claims, as well as access to networks of IT specialists and forensic experts with relevant experience in such claims.
Simultaneously, cyber insurance covers the cost related to damage and losses suffered by companies themselves, loss of profit from business disruption, and liability to third parties.
In sum, cyber risk is no longer an emergent threat — it is clear and present now. One can in fact state that cyber incidents will happen — we're just not sure when. They are no longer a distant, abstract occurrence that only happens to other people and companies. No! Their impact extends across the board, touching all of society, which is to say, individuals, families and organizations small and large.
By Pedro Pinhal, Technical & Claims Director for MDS Portugal