Today, financial services are shifting from hunted to hunter to defend themselves from cyber-attack. Like an umbrella, cyber threat risk spans not only the entire organisation’s functions but its supply chain too. The risks and impacts to insurers are no different. How should insurers adapt to limit their own financial and reputational loss in a constantly evolving cyber threat landscape? Indeed, what assumptions need to be made when providing cyber insurance and business interruption insurance into the market? The question is not whether an attack will ever occur but rather how to protect insurance customers on an ongoing basis. Stakeholder collaboration amongst insurers and the wider ecosystem of financial institutions, technology firms, advisors and regulators are perceived as the framework to enable a safe and sustainable digital society.

Putting cyber risks aside for a moment, let’s consider the cyber ‘opportunities’ driven by the adoption of cloud security models. Cloud offers threat risk reduction whilst powering digital transformation in an organisation, creating new ways of working and generating new business models. Yet it also means securing increasing quantities of data that insurers now need to manage – just like any other business.

Let us consider this in the context of hedging.

Imagine cyber security as a form of active hedging where an organisation looks to optimise cyber risk and limit what they are unwilling to accept. Imagine too that cyber insurance is a form of passive hedge, whereby a fallback risk position is that an organisation is willing to accept.

Most organisations now have cyber experts within their CISO / CIO teams who focus on keeping data, software and hardware away from threat actors. They’re also responsible for monitoring emerging threats and evolving technology trends. They worry about the consequences of a potential systemic or organisational failure. They’re ’actively hedging’ in a constant battle to mitigate risk. However, to bring some certainty to financial risk exposure, many CISOs or CIOs turn to cyber insurance, or they’re otherwise ‘passively hedging’. As cyber risk management becomes increasingly complex due to the unstructured nature of the data, cyber insurance needs to turn into an ‘active hedge' by integrating the cyber function into the cyber insurance policy unit.

To achieve this cultural change and business transformation, insurers have the unique opportunity to partner with the cyber security industry and redefine their fundamental role in the market. An insurer’s differentiator could go further still if they were to proactively manage cyber risk as a service within their organisation and across their insurance customers and partners as a business in itself that drives positive social impact, further mitigates the impact of cyber attack, and only insurers can do best. For example, a global B2B insurance business has already partnered with NCC Group to develop tiered cyber insurance packages adapted to the specific needs of their insurance companies worldwide. As part of these packages, regular technical assurance due diligence becomes a requirement to maintain the benefits of their cyber insurance protection dynamically. By doing so, the insurer promotes cyber resilience as part of the issuance of cyber insurance, hence protecting their customers and encouraging them to collaborate and jointly work towards an interconnected, cyber resilient digital ecosystem.

As one of the world’s largest independent global cyber security consultancy, NCC Group is also partnering with insurers to achieve an end-to-end, integrated framework for digital security review, implementation, remediation and improvement, across all their business units and jurisdictions. NCC Group is pioneering the use of a unique platform for the insurance market where people, processes and industry specific threat intelligence are brought together to create a tailored approach to cyber security. It's enabling rapid cyber risk quantification and mitigation. Insurers can jointly achieve threat profiling and a holistic understanding of the threats targeting their customers and partners, both now and in the future.

Insurance organisations are also collaborating with NCC Group to address the cyber talent gap, bringing new skills, innovative technologies and methodologies to adopt a true 'threat lead' cyber strategy as part of their digitalisation. The collaboration extends to advising executive boards and bridging between CISOs and the rest of the business. It's all done with a unified, agile, trusted approach for governance, technical assurance, cyber risk management, audit and compliance, just like any other financial risk.

Chat with NCC Group's Insurance team to update your cyber resilience for digital transformation evolves with revised, integrated cloud security governance, security improvement and remediation to protect customers from cyber risk.

We could be part of your ecosystem to secure your business, make it more resilient and help you realise a profitable future.

Aleader in the strategic consulting team, he’s a customer centric cyber professional with over 15 years’ experience in designing and delivering multifaceted cyber security programmes and wider business change initiatives in the public and private sectors. Through a combination of thought leadership, market and technology insight, Charles applies a pragmatic approach to organisational, cyber and technology risks/opportunities to support NCC Group’s clients realise their ambitions and business objectives.

A business Leader specialised in addressing risk, governance and compliance and realising the benefit of digital transformation across financial institutions through technology, people, processes and change management.