Cyber high on agenda at BIBA amid concerns over threats

As delegates gathered for the opening day of the annual conference of the British Insurance Brokers’ Association (BIBA) businesses and brokers have been warned that they need to place cyber risk at the top of the corporate agenda.

Emma Drounieau sales manager at CyberCube told Emerging Risk: “The increasing reliance on technology and the rise of ransomware activity in recent years have made cyber risk the most significant risk for any organisation, whatever its size or sector. Any business that uses a computer is now exposed to the risk of a cyber-attack, and data  shows that one in five UK businesses have experienced a cyber-attack or incident in the last year.”

She added: “Yet, although cyber risk awareness is growing across the board, the cyber insurance market in Europe is still a relatively under-penetrated market. Many businesses do not have cyber cover, and even those who do aren’t buying large enough limits, leaving them exposed to high, unforeseen costs. This is particularly the case for SMEs, for which data shows low cyber insurance uptake overall.

“This represents one of the greatest opportunities for insurance brokers to grow their business and play a key role in this role in this market by reinforcing their understanding of cyber risk and delivering value-added services to their clients.”

The company was in Manchester for the conference speaking with brokers and underwriters and Drounieau said education remained key for many clients.

“One of the main challenges facing insurance brokers and insurers is that many businesses are unaware of the impact cyber-attacks can have on their business and are failing to protect themselves from these risks,” she explained. “In this context, insurance companies and intermediaries have a key role to play when it comes to educating businesses of all sizes on their cyber risk and helping them create a more robust cyber risk mitigation strategy.

“We are increasingly seeing brokers and insurers adopt a data-driven approach by using platforms like CyberCube’s to enhance cyber risk quantification and mitigation for businesses. CyberCube specialises in delivering user-friendly cyber risk reports that provide the cyber and insurability data needed to assess a company’s risk profile and enable better-informed underwriting and risk transfer decision-making.”

Looking to the threats Drounieau  said there were core Emerging Risks.

“Ransomware attacks continue to be the most significant cyber threat for UK businesses and organisations across a wide spectrum of sectors,” she said. “The reach and scalability of ransomware techniques have dramatically expanded in recent years with the development of ‘Ransomware-as-Service’ (RaaS) and the proliferation of easy-to-use tools and online marketplaces. These forums where RaaS is traded have considerably lowered barriers to entry, and smaller criminal groups can now make a large impact working together, without an advanced knowledge of computing.

“AI will also likely make cyber-attacks against the UK more frequent and impactful over the next couple of years. While cyber threat actors are already using AI to various degrees, the latest NCSC report indicates that we should start seeing more sophisticated uses of AI in cyber operations to improve capabilities in vulnerability research, social engineering, data examination and coding.”

Drounieau  concluded: “While cyber criminals have traditionally focused on the bigger players, small and medium-sized organisations are now increasingly being targeted. These smaller companies have much less knowledge and resources when it comes to cyber security, making it easier for cyber criminals to successfully attack.

“An effective response to prevent future attacks must include investing in increased resilience and better-protected systems. In the medium-to-long term, the insurance industry will also need to shape cyber policy language and appropriately price AI risk into policies.”