Cyber, as we know, is an emerging issue provoking much discussion. It is probably true to say that the discussion is not well informed, driven as it is by a product-centric view of the cyber world, where those products really only satisfy a small element of the real exposure associated with cyber. I encourage us to reflect on cyber through two lenses:
Needs Based Solutions
First cyber risk transfer solutions must be needs led, not product led. This is because, until you know the cyber vulnerabilities of an organisation relative to the specific threats that organisation faces, you can’t really fill the gaps to the policy wordings as they exist (and most of these are thin and not standard).
Cyber Amplifies Many Other Risks
Second, cyber is not just a discrete risk but, perhaps more importantly, cyber is an enabler/amplifier/accelerator of risks that we are already embracing in our portfolio including but not limited to D&O; Crime BBB; the R in K&R etc. In combination, these things mean that successful cyber engagement is just as much about understanding the ramifications upon existing classifications of risk as it is understanding the new perimeter of cyber.
Speaking of new perimeter, cloud computing is rapidly becoming a key component of many organisations’ technology enablement strategies as they continue to seek differentiation in competitive markets. Cloud however is a significant issue from a risk perspective, both in the context of governance and compliance, for example, geographic location of data – are you sure where personnel data is resident, and is that consistent with the jurisdiction of geographies where client organisations operate?
Also in the context of distributed data across many cloud service providers means that accidental aggregation that can compromise the re-aggregated credentials is a real issue.
Cloud therefore constitutes an arena where we are only now coming alive to some of the dimensions of complexity with which we are going to have to wrestle in the coming 12 months. Helping guide clients through the maze of uncertainty to get to the right risk transfer solution is something that we all need to reflect upon.
This post was originally published January 27th, 2015.