Insurers Can Boost Resilience on Cyber

A survey finds a shocking lack of preparation by insurers -- for instance, only 5% of carriers run simulated cyber attacks to test systems' resilience.

Chris Johnston

March 14, 2016

Research by Accenture on the extent of cyber risk suggests how carriers can steel themselves against threats to their IT and cyber security. Knowing your exposure is always critical. But the Accenture survey, Business Resilience in the Face of Cyber Risk, found just 5% of carriers run simulated attacks and system failures to test their systems’ resilience. Just more than half—52%—of insurance executives surveyed reported that their organizations have produced threat models for existing and planned business operations. Less than half of the executives—47%—map and prioritize security, operational and failure scenarios. And only 14% said they consistently design resilience parameters into the operational models and technology architectures. The survey also found that just a little more than one-third—38%—of executives "strongly agreed" that their organizations balance spending on iron-clad security measures and growth and innovation strategies. Some 49% "merely agreed," indicating there is room for improvement in this critical area. View the infographic that provides details of the insurance specific results. Accenture’s 2015 Global Risk Management Study: North American Insurance Report provides more insight on how insurers can better prevent IT failures and cyber security breaches. For example:

50% of respondents "strongly agreed" and 36% more "slightly agreed" that digital presents an opportunity to present the risk function as a business partner.
44% of North American respondents say that their risk management functions, to a great extent, have the necessary skills to understand cyber risk. While that level of confidence was nine points higher than among insurers elsewhere in the world, it demonstrates that the risk functions at more than half of North American insurers either do not have this expertise or have not demonstrated it.

We also suggest insurers consider:

Embracing the digital ecosystem—Take advantage of digital capabilities and technologies outside of the enterprise to strengthen strategic decision-making.
Managing digitally— Develop the ability to orchestrate, in real time, the myriad internal and external services required for a multi-speed business and IT.
Institutionalizing resilience, because it is not a point-in-time initiative—Resilience must be part of the fundamental operating model, engrained into objectives, strategies, processes, technologies and the culture.

To learn more about the study, download Business Resilience in the Face of Cyber Risk (PDF).

Chris Johnston

Chris Johnston is a managing director in the finance & risk business services group, and leads the F&R insurance business service across North America for Accenture. Over the years Johnston has led a broad range of strategy initiatives and complex transformation programs involving core finance, performance management, and other corporate functions and processes.

Top 10 Signs You Need a New SSE Solution

Dan Maier

Security service edge (SSE) solutions are crucial for protecting data, but as the market has evolved and expanded to over 30 vendors, some cracks are beginning to show.

Selective Focus Photography of Gray Chain Link Fence

Easing Access to Cyber Insurance

Andrew Homer

Insurers find it hard to gauge each client's level of cyber risk. Managed security service providers (MSSPs) can provide client readiness reports.

The Need for 'Systems Failure' Coverage

Stephanie Snyder Frenier

The recent CrowdStrike outage and disruption to businesses of all sizes has refocused attention on the value of cyber insurance for non-malicious losses.