Cyber risk management will truly go enterprise-wide in 2018, predicts Aon report
Advisen
Cyber risk management will truly go enterprise-wide in 2018, predicts Aon report
By Erin Ayers, Advisen
The longstanding walls between departments in organizations will finally disintegrate in 2018, bringing cyber into focus as a truly enterprise-wide risk, according to a new report from Stroz Friedberg and Aon.
As part of its 2018 cyber predictions Stroz Friedberg noted that global regulatory shifts and continued cyber events would compel a coordination of risk management and overall business culture on protecting non-physical assets. Chief risk officers and chief information security officers will work in tandem to include cyber risk management in every function of their organizations, the report suggested.
According to the report, the change will be driven by C-suites of major organizations as they seek to conduct more effective due diligence amid an active mergers and acquisitions landscape. The impact of cyber events on directors and officers is notably a concern, the report indicated.
“Whereas past directors and officers (D&O) liability claims over cyber incidents have largely been dismissed, we expect to see more claims successfully brought against D&Os, holding them personally responsible for the handling of cyber incidents. In our predictions, we examine how the events of 2017 shifted this landscape. With cyber events now ranking among the top three triggers for D&O derivative actions, we expect these claims to intensify in 2018,” stated Jason J. Hogg, CEO of Aon Cyber Solutions, in the report.
Stroz Friedberg and Aon cited a few of the prominent trends in cyber of late, including expanding risks due to Internet of Things devices being hijacked by botnets; bolder and more frequent nation-state cyber espionage events; the spread of misinformation and data integrity issues (which can impact corporate reputations); and more sophisticated spear phishing and social engineering schemes.
The report predicted a significant expansion in cyber insurance purchases as boards wake up to the risk of financial and reputational losses. The firms also commented that 2018 would be the year in which insurers would more firmly exclude cyber coverage from non-cyber policies.
“In response to the expanding impact of cyber risks on businesses across sectors and geographies and heightened executive concern over liability, the insurance industry will develop new cyber policies while restricting ‘silent’ cyber coverage in other policies. Additionally, both insurers and reinsurers will push for increased scrutiny and improved quantification modeling to better understand potential correlated and systemic cyber perils that could aggregate catastrophic losses across multiple industries and geographies,” Stroz and Aon said.
Editor Erin Ayers can be reached at eayers@advisen.com.
