What Is The Insurance Industry’s Role in Cybersecurity?

Mark Elliott, CEO of a Washington-based Consulting Company, Comar Cyber, participates in Risk Roundup to discuss the Insurance Industry’s role in Cybersecurity.

Insurance Industry’s Role In Cybersecurity

Over the years, insurance has become an integral part of major financial decisions for everyone (individuals and institutions) for their risks, resources, and assets in geospace, aquaspace, and space. Moreover, as we create new domains like cyberspace, the role of insurance remains vital for not only financial decisions but also the very foundation of our individual and collective security.

The reason is that irrespective of natural or human-made domains, the risk that reflects the probability of a loss persistently brings complex security challenges for individuals and institutions. Thus, the making of cyberspace has, in fact, fundamentally redefined the security complexities of all connected domains.

So, when cyberspace connects all known human domains and brings individuals and institutions numerous risks, and when one has assets to protect, the threats and vulnerability in security create the potential for financial risks and losses.

Now, the concept of transferring the economic consequences of risk, i.e., the purchasing of insurance protection, is an essential constituent of security and risk management. As a result, evaluating the insurance industry’s role in cyberspace, especially for Cybersecurity, has become essential.

Pooling Risks

The fundamental need for security has permanently been deeply entrenched across human civilization in all known domains. The story of the human race is, in essence, the story of security, and our very existence will never be understood unless security is taken into account.

While the idea of pooling risks originated a long time back, with each subsequent industrialization and the introduction of new tools, technologies, industries, policies, and processes, the insurance industry has developed rapidly over the years. However, with the creation of cyberspace and the onset of platforms, and the digital age, the insurance industry faces complex challenges of insuring digital risks with complex interconnectedness and interdependencies. The question is:

• How would the insurance industry deal with these challenges?
• What kind of new insurance will the cyber-security risks trigger?
• When the essence of insurance is the transfer of risk from the insured to one or more insurers, how much risk does a contract transfer?
• Would cyber-security insurance bring any changes to the way institutions provide insurance models and processes?
• How many risks do the current cyber-security policies transfer?

Minimizing Risk

Insurance has been and is still constantly in demand because individuals and institutions constantly look for new approaches and methodologies to reduce risk. Moreover, because of the growing security risks from cyberspace and increasing demand for new insurance tools, the reality of the narrow choice of insurance policies makes the insurance industry an attractive innovation and investment tool.

In addition, because the level of cyber insurance is concentrated in only specific locations in cyberspace, it could lead to huge losses and chaos in cyberspace and the cyber insurance industry and countries. The reason is that the accumulated effect of the minor collective breaches can lead to system failure. As a result, there is a need for innovation in how the insurance industry repackages its risk in catastrophe-linked cyber securities that mitigate insurers’ risk.

Undoubtedly, the connected computers and internet changed the insurance industry by blowing the insurance field wide open and adding complexity to the security risks.  While cyberspace helps individuals find the cheapest rate, businesses can also shop internationally for the right coverage, and insurance companies can also go global and merge with other financial services. The reality is that the access to global markets and the integration of financial services gives each insurance provider many opportunities and risks. Therefore, it is crucial to evaluate the risks and opportunities cyberspace brings to individuals, institutions, insurance providers, and industry.

The Role Of Insurance Industry

The fundamental role of the insurance industry is to help eliminate, transfer, or manage risks. Insurance is understood as a contract in which the insurer agrees to compensate or underwrite another insured party for specified loss or damage to a specified risk, resource, asset from specific perils or risks in exchange for a fee for the insurance premium. 

For example, a property insurance company may agree to bear the risk that a particular piece of property in geospace may suffer a specific type or types of damage or loss during a certain period, for instance, hurricane season, in exchange for a fee from the policyholder who would otherwise be responsible for that damage or loss. In cyberspace also related digital assets can be insured similarly. Such agreements commonly take the form of an insurance policy.

However, of all different kinds of insurance available across nations, the question is whether:

• Insurance providers can issue contracts where the risks have interdependencies
• It is possible to manage the interdependencies independently by the policyholders

Moreover, when cyberspace is evolving, and cyber-security risks are evolving:

• How should we define insurance today?
• How would insurance providers define and determine the length of insurance contracts that they can issue for cyber-security risks?
• How would insurance companies insure strategic cyber-security risks?
• How can any single insurance company insure such broad security risks in cyberspace?
• How do small organizations protect themselves from the risks of their digital assets being damaged or destroyed?

All insurance policies ultimately have the same goal—to ease financial burdens when disaster strikes. However, digital disasters are perhaps more in numbers and frequency and probably more in impact and severity. Amid that, the question is when comprehensive cyber policies would be available for consumers.

The bottom line is that the insurance industry will need to be a driver for securing cyberspace and be a key enabler of cyber-security risk management framework issuance, adaptation, and implementation. A partnership of insurance and security-centric cyber-security risk management will form the most effective offense and always be the best defense! So now is a time to talk about Insurance Industry’s Role In Cybersecurity.

For more, please watch the Risk Roundup Webcast or hear the Risk Roundup Podcast

About the Guest

Mark Elliott is the CEO of Comar Cyber, a human factors cybersecurity training company featuring online training courses for corporate and government staff. Prior to that, Mark served for over a decade at the CIA where he worked as an Operations Officer, an operational leader in field assignments, and a manager at CIA Headquarters. He has extensive experience at the intersection of HUMINT operations and technology. Mark worked with companies, investors, and other elements of government to identify, purchase, and create technologies for the CIA’s operational use. He used his extensive training and experience in multiple international and domestic tours to identify and counter nation-state cyber threats to protect enterprise and operational systems at the management and operator levels. 

Prior to joining the CIA, he co-founded an Internet start-up focused on online anonymity and secure communications.  Before that, he served as a State Department Foreign Service officer in Latin America.

Mark holds a B.A. degree in Government from Georgetown University and a master’s degree in National Security Studies from National Defense University with a certificate in cybersecurity.  His thesis was on creating a national cyber civil defense program by using the cybersecurity insurance industry as a market maker for security standards.

Comar Cyber is a human factor cybersecurity training company. Its online and in-person courses were designed by former intelligence operations officers. Comar Cyber trains corporate and government employees to defend against the most common and costly cyber-attacks: the ones that target people. Give your staff the training to fight nation-state and criminal cybersecurity threats. Visit www.ComarCyber.com.

About the Host of Risk Roundup
Jayshree Pandya (née Bhatt) is a leading expert at the intersection of science, technology, & security. She is a globally recognized futurist passionate about protecting the Future of Humanity. She serves in the C-Suite of leading emerging technology startups, actively applying her scientific background to designing systems. She has a Ph.D. in Microbiology for her 1986-1991 work on Hydrogen Production by Halobacterium halobium, for which she was also awarded a National Young Scientist Award in Biochemistry in 1988-89. In addition, she has done two postdoctoral fellowships, one at the University of Hawaii and another at the University of Chicago.  She also did her Executive Education Program in Operations and Change Management at Rice University – Jesse H. Jones Graduate School of Management in 2000 – 2001.  She founded Risk Group LLC in 2002 that evolved into a Strategic Security Risk Research Organization, Platform, and Community in 2015.  She is also the host of the influential Risk Roundup Podcast on a mission to talk to a million decision-makers. She has already carried out more than 260 one-to-one interviews with top decision-makers worldwide. She is now leading the global discussions on emerging technologies, technology transformation, and nation preparedness.  

Her scientific research has contributed to more than 30 peer-reviewed articles in top international journals. Moreover, her research across many other domains has contributed to more than 100 publications and is pursued to provide strategic security solutions.  She wrote for Forbes for a year in 2019-2020 and now writes regularly for Risk Group. In addition, she has published three Strategic Security Risk Reports and three books, The Global Age, The Quantum Threat, and Geopolitics of Cybersecurity. From the National Science Foundation to leading organizations from across the United States, Europe, and Asia, she is an invited speaker on emerging technologies, technology transformation, digital disruption, and strategic security risks. She can be reached at + (832) 971 8322 and followed on Twitter @jayshreepandya and LinkedIn @drjayshreepandya.

About Risk Roundup

Risk Roundup, a global initiative launched by Risk Group, is a security risk reporting for risks emerging from existing and emerging technologies, technology convergence, and transformation happening across cyberspace, aquaspace, geospace, and space. Risk Roundup is released in both audio (Podcast) and video (Webcast) format. It is available for subscription at Risk Group Website, iTunes, Google Play, Stitcher Radio, Android, and Risk Group Professional Social Media.

About Risk Group

Risk Group is a Strategic Security Risk Research Platform and Community. Risk Group’s Strategic Security Community and Ecosystem is the first and only cross-disciplinary and collective community that is made of top scientists, security professionals, thought leaders, entrepreneurs, philanthropists, policymakers, and academic institutions from across nations collaborating to research, review, rate, and report strategic security risks to protect the future of humanity.

Copyright Risk Group LLC. All Rights Reserved