As cybersecurity threats continue to escalate in 2024, what should insurers do?

The insurance industry is expected to face mounting challenges as cyber threats continue to rise, predicted to be more recurrent by 2024. As insurers grapple with the complex landscape presented by cybersecurity risks, Director of Insurance Solutions at SecurityScorecard, Andrew Correll, offers some perspective on how the sector should prepare for this daunting task.

As cyber threats intensify in 2024, the insurance industry has to walk a tightrope. Correll suggests an intricate balance is required where insurers need to thoroughly vet companies for their risk profiles, while ensuring that effective safeguards are in place. At the same time, they need to stay competitive in a rapidly growing market - an attempt to increase market share could lead some to relax underwriting principles and reduce premiums.

This balance could cause confusion among insurance buyers trying to understand emerging underwriting trends and their impact on coverage. Correll advises insurance firms that reducing premiums can lead to increased exclusions, providing customers with a deceptive sense of security and potential financial losses in case of a cyberattack. He added that policyholders purchasing cheaper policies may discover, when filing a claim, the reason behind that cheap tag, which deceptively portrays cyber insurance as a scam.

Due to significant developments in forms of cyberattack, such as artificial intelligence (AI), Correll believes there will be increased challenges in 2024. He expressed that the insurance industry may not be ready to deal with the risks and intricacies that come with adopting AI technology, especially concerning policy pricing and underwriting. He further stated that data privacy would become a hot-button issue due to the rampant use of AI, causing disputes on whether liabilities for wrong usage fall under traditional cyber coverage or require specialized policies.

Correll also advises companies not to neglect internal vulnerabilities. According to Correll, firms will require transparency in cybersecurity like never before, necessitating robust internal controls to detect and seal security gaps. Towards this, insurers will demand multi-factor authentication (MFA) and require evidence of its deployment across all systems, along with other data. This increasing demand for greater visibility will likely see more insurers ask clients to share telemetry data in 2024. This data will give insurers a clearer understanding of internal controls like MFA and allow them to perform comprehensive risk analyses and offer bespoke security guidance to their customers.

Dr. Tim Sandle, Digital Journal's editor for science news and a practising microbiologist, reported having an interest in his state of the art, history, politics, and current affairs.