In 2018 uptake of standalone cyber insurance policies is expected to surge as companies respond to the growing cyber threat and regulators more strictly enforce and coordinate cybersecurity regulations, according to Aon’s 2018 Cybersecurity Predictions report.
As firms increasingly feel the heat of cyber attacks with reduced earnings, operational disruption and claims against directors and officers, they’re expected to move away from “silent” cyber cover included in other policies and into tailored enterprise cyber insurance.
Cyber insurance adoption will spread beyond “traditional buyers of cyber insurance, such as retail, financial, and healthcare sectors, to others vulnerable to cyber-related business disruption, including manufacturing, transportation, utility, oil, and gas,” said Aon Cyber Solutions industry specialists.
Firms will look for ways to integrate cyber risk more aggressively into their enterprise risk management, driven in part by the widening regulatory spotlight on cyber.
Aon said “in 2018, regulators at the international, national, and local levels will more strictly enforce existing cybersecurity regulations and increase compliance pressures on companies by introducing new ones.”
“Expect to see the EU Commission holding major U.S. and global companies to account for GDPR violations. Across the Atlantic, big data organizations (aggregators and resellers) will come under scrutiny on how they are collecting, using, and securing data.”
As the European Union rolls out the General Data Protection Regulation (GDPR) and big data aggregators come under scrutiny in the United States, cyber regulation will become more expansive and complex, spurring calls for international regulatory congruence.
Risk to large firms will likely come from third-party risk management, as small to mid-sized vendors or contractors increasingly become the target of cyber criminals who use them to penetrate larger networks on the Internet of Things (IoT).
The report cautions global organisations to consider increased complexities when it comes to how businesses use the IoT in relation to third party risk management.
Firms continue to underestimate and thus underinvest in security training and technical controls for insider risks; “many companies will continue to reactively respond to incidents behind closed doors and remain unaware of the true cost and impact of insider risk on the organization,” cautioned Aon.
Cryptocurrencies are expected to continue to support the flourishing ransomware industry overall, despite law enforcement catching up on some areas of tracing cryptocurrency exchange, such as through bitcoin wallets.
Criminals are also predicted to increasingly target transactions that use points as currency, driving adoption of bug bounty programmes by businesses with loyalty, gift, and rewards programs, such as airlines, retailers, and hospitality providers, which will be the next wave of adopters.