As the situation in Ukraine evolves, businesses should be mindful of potential risks to their people, assets, operations, or supply chains in the region and globally. Marsh, as part of the Marsh McLennan family of companies, has created a page with information, tools, and resources related to the Russia-Ukraine conflict. Please visit the page for the latest information.

April 19, 2022

Keeping Pace with Evolving Cyber Risks

Dan Garvin

While cyberattacks have become more sophisticated than ever, cybersecurity vulnerabilities continue to multiply. From the SolarWinds trojan hack—estimated to cost insurers $90 million—to the Colonial Pipeline breach that brought the largest fuel pipeline on the East Coast to its knees, cyber threats continue making headlines around the globe. With these increasing risks, it’s important to not only stay up to date on relevant information related to cyber risk, but also to be aware of how evolving risks could impact you and your organization.

Impact on the insurance industry

As threats to cybersecurity rage on, insurance carriers are struggling to keep up with organized cyber-attacks. Pervasive attacks have crippled hopes and underwriting profits, resulting in the industry taking a longer-term view with higher rates and far more control. These cyberattacks have caused some recent reinsurance entrants to pull back which has reduced global capacity and increased costs through scarcity.

Impact on the most vulnerable industries

Some of the most vulnerable industries have been historically too slow to adopt cyber controls and coverage. This could spell disaster for organizations in these industries as cyber attackers are lurking. For instance, rural manufacturers are a prime target for ransomware attacks without proper mitigations. Organizations should also be mindful of any third parties they partner with as their vulnerabilities are often exploited to attack all parties involved.

Stronger cyber defense measures

Insurance carriers are looking to mitigate the growing risk of a cyberattack by requiring stronger cyber defense controls. Most carriers are now requiring multifactor authentication in their most comprehensive policies. Additionally, some coverages will be reduced or excluded without measures to avoid, detect or counteract security risks.

Cybersecurity = national security

It’s no secret that cybersecurity breaches have become a significant concern nationwide. With more advanced cybercriminals among us, there is now a broader array of targets susceptible to an attack.

Securities and Exchange Commission (SEC) Chairman Gary Gensler indicated they are considering extending the Regulation Systems Compliance and Integrity rule (Regulation SCI), beyond stock exchanges and large clearinghouses to broker-dealers and other larger financial forms. While it’s clear that no organization is immune to an attack, the costs are much greater for those unprepared for one. This has resulted in the U.S. making numerous mitigation efforts to combat this growing threat to our national security.

Understanding the Solutions

It’s more important than ever to understand the latest offerings in the cyber insurance market to ensure your organization is prepared for a data breach. The insured must be aware of all requirements and exclusions included in their policy. Lastly, be sure to be up to date on available policy forms and endorsements.

Next Steps

To ensure your organization is properly equipped for a potential cyberattack, it’s critical to work with an insurance partner who understands the market and what you need to stay prepared. Contact your local MMA risk specialist today to learn how to overcome any potential vulnerabilities that may be impacting your cybersecurity.