Rapid developments in digital technology have increased the scale and sophistication of the cyber-risks that P&C insurers must manage. However, they’re also providing carriers with an array of new tools to counter cyber-threats.
Advances in digital technology have dramatically increased the business risks that property & casualty (P&C) insurers face. The threat of data breaches, distributed-denial-of-service attacks and cyber-ransom demands from criminals, activists and even nation states is climbing fast. Cyber-attacks are increasing in frequency, scale and sophistication.
Effective enterprise risk management strategies, as I mentioned in an earlier blog post, should integrate the oversight of both cyber-risk and operational risk. This not only strengthens an insurer’s defenses but also enables the company to respond quickly to a cyber-security breach and staunch the damage it causes.
Fortunately, new digital technology doesn’t just increase risk. It also helps organizations better manage it. Advanced data monitoring and analytics tools, for example, allow insurers to consolidate their risk activities and track a wide range of systems, processes and procedures throughout the organization. They can provide a common analytics layer, spanning cyber-risk and operational risk, which alerts designated employees to potential threats.
The application of such digital tools, however, is just the first step. P&C insurers keen to deploy digital technology to bolster their enterprise risk management strategies need to venture further. Together with Chartis Research, we’ve identified some important additional steps.
- Unify data models and standards. Effective risk management requires access to information from across the enterprise that often resides on disparate IT systems and applications. By unifying data models and standards, insurers can pull data from a wide range of operational risk applications that address, for example, money laundering and fraud. They can also draw information from a variety of cyber-security indicators that monitor such risks as malware detection, software patches and systems-access applications.
- Apply a metadata approach. Integrating the management of cyber-risk and operational risk using a metadata approach provides insurers with a logical and manageable view of all relevant information. Audits, workflow analysis and case management can be performed quickly and efficiently.
- Implement real-time reporting. Traditional “snapshot” approaches to risk management, which rely on regular audits, should be replaced with dynamic, real-time reporting. Automated data feeds allow insurers to set up real-time risk alerts, spanning organizational risk as well as cyber-risk, which provide an early warning of potential threats.
- Improve anomaly detection. Current anomaly detection systems tend to search data for known patterns of activity that indicate possible security breaches. However, new patterns also need to be detected and many of them can be predicted. Advanced anomaly detection systems incorporate sophisticated analytics technology that enables them to scan a broader range of activities and identify unusual behavior.
- Integrate case management. Insurers, and many other financial institutions, tend to support multiple lines of business that use their own management databases and workflow solutions. Risk management can be improved substantially by pooling information from different lines of business in an integrated framework. This enables unusual patterns of behavior and new security threats to be identified and remedied far more quickly.
For further information about implementing an integrated risk management strategy, have a look at these links. They contain plenty of useful information.