Insurance and reinsurance broker Aon believes that although cyber security investment has increased rapidly in recent years, cyber insurance still represents only a small proportion of overall cyber spending.
The company argues that as cyber incidents generate greater operational and financial losses, many organisations continue to retain significant cyber-related financial exposure on their balance sheets.
According to Aon, cyber risk has expanded well beyond its traditional association with data breaches and notification costs to become a broader business issue. The company states that cyber incidents can now disrupt operations, affect supply chains and reduce revenue across multiple parts of an organisation.
The broker attributes this shift to businesses becoming increasingly dependent on digital technology. Cloud services, shared infrastructure and third-party software now underpin many critical business functions, meaning a single cyber incident can have consequences that spread across interconnected systems. The company notes that this can interrupt production, delay services and place pressure on cash flow.
The financial impact of cyber incidents has also changed, according to Aon. Rather than being centred solely on data theft, many of the most significant losses now stem from prolonged operational disruption, reduced business capability and lengthy recovery periods.
Aon also identifies artificial intelligence (AI) as a major factor reshaping the cyber threat landscape. While AI enables cyber criminals to carry out attacks with greater speed, scale and sophistication, the company believes it also provides organisations with more effective tools to strengthen cyber defences, improve threat detection and respond more quickly to incidents. Aon argues that businesses need to adapt their cyber strategies to take advantage of AI while managing the additional risks associated with the technology.
The company maintains that cyber risk should no longer be managed solely by information technology or cyber security teams. Instead, Aon believes organisations should involve both cyber specialists and financial decision-makers, as cyber incidents now have direct implications for financial performance, liquidity and capital allocation.
As Brent Rieth, Global Head of Cyber Solutions at Aon, added: “Cyber risk can no longer be managed solely as an IT or information security issue. Instead, stakeholders managing the risk and those managing the financial performance of the organization need to collaborate. Cyber must be addressed as an enterprise-wide concern with direct relevance to financial performance, liquidity resilience and capital allocation decisions.”
