Most insurance executives are aware of the dangers of cyber-crime. However, many carriers have been slow to build up business resilience to combat this threat. Resilience needs to be established throughout the organization and driven by the leaders of the business.

Every large insurer is under threat from criminals eager to disrupt or exploit its digital systems. Sooner or later its defenses are going to be breached and valuable data will be at risk. How carriers respond will determine whether such an intrusion is a setback or a disaster.

As I mentioned in my previous blog post, insurers should no longer just concentrate on building up defenses against cyber-attacks and trying to avert technical failures. Security breaches are unfortunately inevitable. Instead, carriers need to build business resilience. This enables them to keep strengthening their cyber-security, but also allows them to respond quickly to limit damage to their organization should their defenses be breached. Such a strategy is essential. The threat of cyber-crime continues to soar, and so too does the potential damage that security breaches can cause insurers. Our research shows that many carriers have been slow to beef up the resilience of their businesses.

Resilience - Not Just for Systems: Enterprise resilience is not limited to enabling technologies

Resilience needs to be established throughout the business. It can’t be confined to enabling technologies or IT systems. It has to be an integral part of how the business functions. Continuity plans and failure scenarios, which encompass the whole of the organization and extend across its value-chain, need to be drawn up and frequently tested and reviewed. They should incorporate the organization’s physical assets, its employees, and its agents and ecosystem partners. All of them are critical to ensuring the business functions smoothly after a cyber-attack or information systems failure.

Responsibility for business resilience can’t be consigned to a single executive such as the chief information officer, chief information security officer or chief risk officer. The head of the organization, the CEO, must take ultimate responsibility but work closely with other members of the executive to ensure resilience is inculcated throughout the business. When a cyber-security breach occurs, the CEO’s first question should be “How is our plan working?”, not “What is our plan?”

Only half the executives we recently surveyed said they have board-level committees that focus on business resilience. And, on average, only two executives are responsible for monitoring and improving it.

In my next blog, I’ll discuss how insurers can improve their business resilience. Until then, have a look at these links. I think you’ll find them helpful.

How Insurers can boost resilience in the face of cyber risk (Infographic)

Business resilience in the face of cyber risk

One response:

  1. Hello Tim… great article. Hopefully you can help me explain to my executives how exercises instill resiliency, as they do not seem to understand the benefits. Do let me know as I would love to hear your take on it.
