By Rob Fischer
Policy Project Manager, Casualty
Now is the time to change your passwords and set up the two-factor authentication setting that you’ve been putting off for months, because it’s Cybersecurity Awareness Month! It’s also a prime opportunity for individuals, businesses, governments, and the insurance industry to prepare to counter the ever-changing cyber threats.
This year’s Cybersecurity & Infrastructure Security Agency theme for the month is “Building a Cyber Strong America,” which focuses on the need to strengthen the online security and infrastructure of the nation from the top-down, for the government, large and small businesses, and individuals. The need is real.
Cyber-attacks on individuals can come in many forms. Phishing schemes, social engineering, wi-fi hacking, malware, spyware, and ransomware are all strategies that bad actors use to gain access to a person’s information to steal, extort, or defraud the victims.
Insurers and businesses face similar risks as individuals on a larger scale. The same types of attacks that hackers use to target individuals also work against businesses. Major interruptions can impact a company’s ability to protect customer data, function normally and make a profit, pay its employees, or even stay in business. Businesses can help prevent cyber-attacks and the damage done in the case of an attack by regularly training employees on cybersecurity measures, keeping all software and antivirus protections up to date, conducting regular data back-ups, all the way up to choosing not to respond to ransom demands and involving the FBI should the worst happen.
The government faces some of the same risks as businesses and individuals operationally, with the added complication of critical infrastructure considerations. If the government were to lose data or control over the operations of critical infrastructure, it could negatively impact the lives of the Americans it serves by limiting access to public utilities, emergency services, transit, and public health services. Many of the same strategies and best practices used by businesses, such as encrypting data, requiring trainings and strong passwords, and employing multi-factor authenticators, are also being put in place to protect state and local governments.
Tapping the expertise of actuaries, cyber insurance adds another and different type of critical protection with regard to cyber vulnerabilities.
The Academy’s Committee on Cyber Risk has been on the forefront of research into the critical and growing cyber insurance field since releasing the Cyber Risk Toolkit in 2021. To date, the committee continues to make regular updates and release new chapters to the collection of timely analyses. The toolkit contains a number of focused papers exploring specific areas of cyber risk for actuaries and others, including a thorough introduction to cyber insurance, a look into the security concerns related to digital assets and cryptocurrency, a discussion around the growth of ransomware attacks, reflections on international cyber reinsurance, and more. The committee is currently working to update its personal cyber chapter, which will go into further detail on how individual consumers can improve their cyber resiliency.
As cyber threats continue to change and evolve, the committee, as well as the Academy more broadly, will publish more on trends and threats in the market to keep Academy members, regulators, insurers, businesses, and the public informed. For the latest insights into the topic, join the committee’s annual webinar, “Navigating the Cyber Risk Landscape: New and Emerging Work” on Oct. 29. This annual event helps keep us all up-to-date on the ever-shifting cybersecurity landscape. Additional resources can be found on the Academy’s Policy Forum.
October will come to an end before we know it, but the Academy will continue to remain engaged and vigilant vis-a-vis the now-perennial concerns of cybersecurity.