Allianz’s Risk Barometer 2024 raises a crucial point: is cyber still an insurable risk?
According to Allianz, increasing doubts create the need for expanding the role of cyber insurers away from being just about paying claims and instead leveraging risk expertise to promote prevention/preparedness to enhance resilience.
Such a collaborative approach was first seen in cyber insurance way back in 2000, with German re/insurer working in conjunction with German IT Security company Secunet, who provided ITSEC auditing as part of the underwriting process, as well as post-breach claims services (ensuring security patches had been applied in a timely manner, etc), and as such the Allianz approach can hardly be seen as innovative.
What is important however, is that there is recognition that every organisation differs due to their IT systems, topologies, operational processes, risk appetite, cyber security maturity levels, making peering for cyber risk financial quantification a fallacy.
Rather, the way forward, as proposed in the Allianz report, is working on an individual basis per client in understanding the management’s business objectives and strategies at the C-suite level, followed by how these imperatives cascade down into the entity all the way down to the highly specialised skills in securing the organisation concerned.
This has become increasingly the case, with AI L-L model roll-out globally en-masse across sectors, with a complete lack of threat vector/attack-surface/claims experience from which to model innovative new cyber threats, which may range from AI model compromise, to quantum cryptographic brute force attack impacts on encrypted proprietary data.
For those risk carriers relying upon prior CRQ models, or investors for ART ILS/ILW types of financial instruments, the emergent technologies from the past 12 months, coupled with emerging ones, from commercially viable graphene chip technology for neural network accelerator chips for example, are basing their risk assumptions on post-dated, already flawed models.