In a recent interview with Reinsurance News, Martin Kreuzer, Senior Risk Manager Cyber Risks at Munich Re, discussed how the firm stays ahead of the evolving cyber threat landscape and how companies can enhance their preparedness against these threats.
Kreuzer offers his perspective on the current state of the cyber re/insurance marketplace, noting, “We’ve seen significant growth in the last decade, and a young market has matured. The insurance industry now understands cyber risks better.”
He emphasises that Munich Re, along with the broader industry, has developed substantial expertise in cybersecurity.
“Despite this progress, the cyber insurance market is still less mature and remains by nature more volatile compared to other lines of business.”
He continues, “One of the major tasks for the market is to continue maturing, expanding expertise, and creating a sustainable market with a clear risk appetite.”
Kreuzer explains that Munich Re plans to further enhance its expertise in cyber by “continuing to invest in in-house expertise globally and internal collaboration across business units, and across its central units.”
However, he stresses that internal efforts alone are insufficient. No single entity or industry can stay ahead of the cyber threat landscape and address all the surrounding challenges alone.
Kreuzer emphasises, “Collaboration with external stakeholders, like government entities, cybersecurity service providers, and associations is very important.
“Another aspect on how to stay ahead of these threats, is the necessity to learn from claims and new data that we gather, but also data that we buy. We need to continue to actively improve our accumulation modelling. This requires an ongoing multi-stakeholder effort within that risk management team to understand the threat landscape and then to draw the right conclusions from that.
“Sharing information appropriately is also important. Munich Re has been learning for many years but is still at the beginning of this journey to sustainably grow and mature the market carefully.”
At the same time, explained Kreuzer, the world relies heavily on digital services and products, making it very difficult to survey and assess the entire supply chain and its digital dependencies.
“However, the insurance sector can help by quantifying these risks, which everyone, from individuals to large companies, should do,” he added.
Kreuzer goes on to say that it will always be an ongoing “race between good and evil” in cybersecurity. Emerging cyber risks will continue to grow, especially with developments in artificial intelligence, which brings both opportunities and challenges by further automating cyber threats.
In response to these evolving threats, Kreuzer stresses the importance of companies being well-prepared against cyber risks, particularly through essential services that not only mitigate risks but also prevent cyber-attacks from occurring in the first place.
He states, “According to our Cyber Risk and Insurance Survey, the most important pre-incident services for companies was network security, followed by backup management, anti-mobile tools and access management.
“Having these security measures in place reflects the minimum requirement from cyber insurance providers before granting access to financial protection. This is very important to us, as you should do your basic homework first before getting access to cyber insurance.
“Therefore, if a cyber-attack does happen, these kinds of services should already be in place to mitigate the cyber-attack.”
He concludes, “Individual security controls are very important to mitigate risk and also to prevent cyber-attacks. This is something that the cyber insurance industry has really understood on a broad base, and why we are promoting that resilience, as it’s in favour of everyone involved. It’s in favour of the government, the insured entity facing cyber threats, and even the cyber insurance industry. So, growing the market together, being prepared, and enhancing resilience, are our major goals.”
