Most insurers have yet to build sufficient resilience into their businesses. They lack the ability to respond quickly and effectively to a cyber-security breach. But this can be overcome by embedding resilience throughout the organization, embracing digital ecosystems and employing digital management systems.

Building business resilience is the best response to the rising threat of cyber-crime. It enables insurers to continue strengthening their cyber-security while also preparing them to act quickly and effectively when their defenses are breached.

The attitude of insurers, and other organizations, needs to shift from “will our cyber-security be compromised?” to “how will we respond when our cyber-security is compromised?” The increasing volume and sophistication of cyber-attacks make it inevitable that big organizations will at some time succumb to a hostile intrusion of their digital information systems.

In my previous blog post, I pointed out that most insurers have yet to build sufficient resilience into their businesses. Responsibility for cyber-security very often falls on a few executives, such as the CIO or CRO. Business resilience should be championed by the CEO with the support of all members of the executive. Furthermore, the focus of many companies’ cyber-security initiatives tends to be too narrow. It concentrates on the organization’s enabling technologies or digital systems rather than addressing the whole of the business and its agents and partners.

To properly build business resilience, insurers need to take three bold but essential steps:

Firstly, resilience must be embedded throughout the organization. It can’t be added piecemeal. Nor can it be confined to a few select parts of the organization. It must be a fundamental component of the business and ingrained in its objectives, strategies, processes, technologies and culture. This will require new attitudes and skills throughout much of the workforce. Such change can only be achieved through clear leadership and direction from the CEO and other members of the executive.

Secondly, insurers must continue to embrace digital ecosystems. Participation in ecosystems undoubtedly increases a carrier’s exposure to the threat of cyber-attack. However, these emerging networks of digital services are driving much of the change and growth taking place in the insurance industry. They are likely to be vital for future business. Resisting, or withdrawing from, digital ecosystems is not a good risk management strategy. Isolationism rarely succeeds.

Finally, insurers need to manage digitally. Traditional, hierarchical methods of management aren’t quick enough to respond effectively to a breach of cyber-security. The pace of business in the digital economy and the speed of the IT systems that drive the organization are just too fast. Digital management systems that monitor and instruct a myriad of internal and external services are essential. Such management systems should also include sufficient redundancy to protect critical business operations.

By shifting the cyber-security focus from protection to resilience, insurers can build businesses that are capable of responding swiftly and effectively to unexpected events that threaten the wellbeing of the organization. A comprehensive understanding of their points of vulnerability, and the likely effects of a cyber-security breach, will allow carriers to plan suitable responses that limit the damage to their businesses and brands. Risk management will no longer be an exercise in limitation but instead will become part of the fabric of the company and the rhythm of its business.

For more information about how to build resilience in your business please take a look at these links.

How Insurers can boost resilience in the face of cyber risk (Infographic)

Business resilience in the face of cyber risk
