Business

Managing cyber risk in the insurance supply chain

A key board with a padlock on top, illustrating cyber risk

Cyber risks are growing in the insurance sector Image: Photo by FLY:D on Unsplash

Charles Clarke
Director of Insurance, International, SecurityScorecard
This article is part of: Annual Meeting on Cybersecurity

Listen to the article

  • Cyber insurance is the fastest-growing sector in the world’s insurance markets.
  • Cyber insurance is experiencing a rise in claims, resulting in significant losses for cyber insurers and increased premiums.
  • To mitigate risk, organizations need to identify common security vulnerabilities, rank suppliers and partners according to risk, and collaborate with these partners to remediate known vulnerabilities.

Cyber insurance is the fastest-growing sector of the world’s insurance markets, but a recent increase in ransomware attacks and business email compromises has led to a sharp uptick in claims, resulting in significant losses for cyber insurers and increased premiums. The UK insurance industry is facing increased scrutiny from regulators, so it has become extremely important for these insurers to understand how to manage cyber risk within their own supply chains.

This industry plays a critical role in managing risks and protecting individuals and businesses from potential losses. However, with an increased reliance on digital technologies and interconnected systems, the insurance supply chain is becoming more vulnerable to cyber risks. From insurance carriers to intermediaries and third-party service providers, each entity within the supply chain can be a potential target for cyberattacks.

Discover

How is the Forum tackling global cybersecurity challenges?

The need for UK insurers to improve supply chain cybersecurity

To provide further insight into the UK cybersecurity insurance market, our cyber ratings service SecurityScorecard shared some key data regarding the top 50 insurers by gross written premium. This research, drawn from data from the SecurityScorecard platform, found that 50% of the top 50 UK insurers by gross written premium are exposed to third-party entities that have experienced a domain breach since 26 January 2023.

The data also revealed that 26% of the top 50 UK insurers have such poor cyber ratings that they would struggle to get cyber insurance for themselves.

Of the top 50 insurers in the UK: 40% have an A rating; 34% have a B rating; 24% have a C rating; 2% have a D rating; 26% have a risk rating of C or below; 74% have a B or higher risk rating; and 28% have an active infection from their public footprint

Clearly, more needs to be done by insurers to safeguard their web presence and the third-party vendors that they work with before new regulations catch up with them.

Upcoming third-party risk and supply chains regulation

With the White House’s recent release of its National Cybersecurity Strategy, multiple sectoral risk management agencies (SRMAs) have put forth new requirements to measure, report and manage third-party risk. In Europe, DORA will mandate banks, financial entities and select IT third-party providers within the EU to adopt robust cybersecurity measures. And, in France, a new cyber score law will require Internet-facing platform companies to disclose 'report cards' on cyber resilience based on third-party audits of systems and processes. You can’t manage what you don’t measure.

The move towards metrics, regulations and securing the supply chain all point to a future with greater cyber resilience. One where all stakeholders will benefit by improving their individual cybersecurity health for the sake of the greater good. With a more transparent and measurable view of cyber risk, the insurance industry as a whole can move towards a more sustainable and resilient future. By taking proactive measures to reduce cyber risk, insurers can significantly strengthen their cybersecurity posture and better protect themselves and their clients from cyber threats.

Have you read?

How security ratings can help with supply chain cybersecurity

Cybersecurity ratings can help with detecting these issues and remedying the problem long before the regulation is due to come in. Ratings can objectively monitor organizations’ cyber hygiene and gauge whether their security posture is improving or deteriorating over time. The third parties that comprise an insurer’s supply chain allow it to lower costs, innovate rapidly and work more efficiently and effectively. These are cloud hosting providers, vendors, service providers and any other supplier that assists an organization. They make doing business easier. Unfortunately, they also expose organizations to risk.

To mitigate this risk, organizations must build portfolios of the vendors in their ecosystems and be able to identify common security vulnerabilities, rank suppliers and partners according to risk and collaborate with these partners to remediate known vulnerabilities. Detecting these vendors and continuously monitoring them will enable organizations to assess risk in real time and stay ahead of threats to make these supply chains more resilient.

Loading...
Don't miss any update on this topic

Create a free account and access your personalized content collection with our latest publications and analyses.

Sign up for free

License and Republishing

World Economic Forum articles may be republished in accordance with the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International Public License, and in accordance with our Terms of Use.

The views expressed in this article are those of the author alone and not the World Economic Forum.

Stay up to date:

Cybersecurity

Related topics:
BusinessCybersecuritySupply Chains and Transportation
Share:
The Big Picture
Explore and monitor how Cybersecurity is affecting economies, industries and global issues
A hand holding a looking glass by a lake
Crowdsource Innovation
Get involved with our crowdsourced digital platform to deliver impact at scale
World Economic Forum logo
Global Agenda

The Agenda Weekly

A weekly update of the most important issues driving the global agenda

Subscribe today

You can unsubscribe at any time using the link in our emails. For more details, review our privacy policy.

How new taxi marketplaces are tackling old challenges

Lars Christian Grødem-Olsen

December 2, 2024

The winners of the New Champions Awards 2024 are changing the world — here’s how

About us

Engage with us

  • Sign in
  • Partner with us
  • Become a member
  • Sign up for our press releases
  • Subscribe to our newsletters
  • Contact us

Quick links

Language editions

Privacy Policy & Terms of Service

Sitemap

© 2024 World Economic Forum