What's Happening?

Marsh on the changing and challenging nature of cyber risk



Working from home in an age of permanent digital disruption has gifted the corporate world with enormous opportunities for innovation and growth. But are we fighting a losing battle with the cyber criminals? 

Johannesburg, 04 May 2022 – With so many companies in South Africa making permanent changes to working patterns, the need for strong cyber security and risk mitigation policies is becoming increasingly important. Right now, the corporate world is still adjusting – and as it does, it opens up windows of opportunity for cybercriminals to take advantage.

This has resulted in increased exposure to cyber risk events, such as phishing, bugs, bots, spyware, adware and digital worms – all exacerbated by working from home and changes in the flow of data.

“Stronger, more resilient risk management practices are therefore necessary to avoid cyber risk and achieve sustained growth – but this new normal is also reshaping how the re/insurance sector operates,” says Spiros Fatouros, Marsh Africa CEO.

Cyber is fast becoming a systemic risk. The insurability of systemic risk is going to be one of the defining issues of the next decade for the re/insurance sector. As cyber risk is one of the most dynamic perils in the industry, carriers must carefully evaluate, manage, and quantify exposures. As regulators formalize capital requirements and mandate how risk appetite is measured, re/insurance companies are increasingly having to enhance cyber underwriting and reinsurance strategies.

That means investing in the development of innovative modelling capabilities and developing technical and underwriting cyber-risk talent. The latter is particularly important if insurers are to offer their clients the best security possible.

With so much at stake for businesses and their customers, companies in South Africa must act decisively. They should continue to strengthen key performance indicators for risk response times – like risk identification, assessment, and reporting. Companies can work with insurers to utilize data and analytics, which are widely acknowledged as an essential business enabler rather than just a compliance activity. Risk advisors can harness artificial intelligence, for example, to evaluate potential silent cyber exposure at an individual policy level.

“The number – and diversity – of companies purchasing cyber insurance continued to increase before COVID-19 in 2019, driven by growing recognition of cyber threats as a critical business risk. Now, as we adjust to the new normal in 2022 and beyond, we must work together to win the battle against cyber risk,” Fatouros concludes.