Across the globe, AIG is observing new developments in the cyber risk and security landscape that may pose significant threats to companies and consumers. Many cyber risks are systemic, exemplified by the disruptive cyber breaches that emerged globally in 2017. While such large-scale, rapid-fire attacks spread from one country to another, they also united businesses and people worldwide around the common goal of staying secure.
From helping companies adopt some of the world’s best cybersecurity practices to guiding individuals on protecting their identities in the aftermath of large-scale data breaches, AIG can deliver unique perspectives that stem from our longstanding experience as a global leader in cyber insurance. As cyber risks around the world become increasingly common and complex, AIG can help its clients develop effective global cyber risk solutions. Through collaborative partnerships, AIG can deliver the meaningful risk insights that enable stronger and safer outcomes.
As the motivations of hackers move beyond disclosing or selling consumers’ personal data, global cyber risk insurance has evolved to protect against the latest threats. Consider the real risk of a malicious actor obtaining the data for accessing an aircraft control system. Remember that the May 2017 WannaCry ransomware attack, which scrambled computer data and demanded payment for access, hindered industries around the world and universities in China 1 , Canada 2 , and Italy. 3
From CEOs to students, the members of our interconnected, global society need greater protection from cyberattacks. In response, cyber risk insurance, which originally protected against data breaches and disclosure of information, has since expanded to help safeguard companies and individuals against physical losses such as bodily injury and property damage incurred from cyberattacks. Where once cyber insurance clients were mainly financial institutions, retailers and healthcare companies, now as more companies become aware of the threat, they include manufacturers, and transportation and energy companies.
Cyber risk insurers are responding to the growing challenge of securing our world by taking on a wider array of risks and increasing policy limits. While cyber coverage limits offered by many cyber insurers were just $10 million three years ago, today insurance brokers can place $500 million in programs. 4
Taking on these risks means insurers have an even greater incentive and are working even harder than before to help build models that can assess cyber risks and better predict clients’ cyber losses. Now, with more than 20 years of data on cyber risks and losses — as well as robust, ongoing efforts to understand the latest developments in the tactics hackers employ — insurers are in a unique position to help organizations manage their cyber risk.
These deep insights position the insurance industry to become a preferred partner for organizations and individuals in the challenge to fend off cybercrime. The goal for cyber insurers is to quantify their clients’ risk, and the strength of their risk management.
AIG regularly carries out stress testing, scenario planning and data analysis to help protect clients. These efforts may prove increasingly valuable to society itself, as cyber incidents become more prevalent and costly for companies and individuals. While insurers and their clients continue to collaborate on post-attack services that can help reduce losses, the emphasis of cyber coverage continues to shift from reactive to proactive, with pre-loss planning and services increasingly taking center stage. 5 Insurers are already working to identify and promote the spread of best practices for cybersecurity, and these practices help in setting the bar for organizations, for their own interactions with companies within their supply chains, and for individuals as well. 6