Research by Accenture on the extent of cyber risk suggests how carriers can steel themselves against threats to their IT and cyber security.
Knowing your exposure is always critical. But the Accenture survey Business Resilience in the Face of Cyber Risk found that just five percent of carriers run simulated attacks and system failures to test their systems’ resiliency. In addition, just over half—52 percent—of surveyed insurance executives reported that their organizations have produced threat models for existing and planned business operations. Fewer than half—47 percent—map and prioritize security, operational and failure scenarios. And only 14 percent consistently design resilience parameters into the operational models and technology architectures.
The survey also found that just a little over one-third—38 percent—of executives strongly agreed that their organizations balance spending on iron-clad security measures and growth and innovation strategies. Some 49 percent merely agreed, indicating there is room for improvement in this critical area.
Accenture’s 2015 Global Risk Management Study: North American Insurance Report provides more insight on how insurers can better prevent IT failures and cyber security breaches. For example:
- 50 percent of respondents strongly agreed, and a further 36 percent slightly agreed, that digital presents an opportunity to present the risk function as a business partner.
- 44 percent of North American respondents say their risk management functions to a great extent have the necessary skills to understand cyber risk. While that level of confidence was nine points higher than among insurers elsewhere in the world, it demonstrates that the risk functions at more than half of North American insurers either do not have this expertise or have not demonstrated it.
We also suggest that insurers consider:
- Embracing the digital ecosystem. Take advantage of digital capabilities and technologies outside of the enterprise to strengthen strategic decision-making.
- Managing digitally. Develop the ability to orchestrate, in real time, the myriad internal and external services required for a multi-speed business and IT.
- Institutionalizing resilience, because it is not a point-in-time initiative. Resilience must be part of the fundamental operating model—engrained into objectives, strategies, processes, technologies and the culture.
To learn more about the study, download Business Resilience in the Face of Cyber Risk (PDF).