22/Jul/2019
Given the often personal nature of how it does business, as well as its fondness for tradition, how can the insurance industry make the most of working with cyber security providers? We spoke to Silvi Wompa Sinclair, Insurance Business Director, CyNation, to find out.
“Insurers can work with cyber security providers such as CyNation in two ways,” explains Silvi (right). “First, insurance companies are like any other type of corporate entity. They have their management, their operations and suppliers and they manage large amounts of data, just like any other firm. A cyber security company like CyNation can definitely assist an insurer with understanding the exposures that are primarily coming from their supply chain or from their third party ecosystem.
“Insurers are incredibly data-rich companies and it’s fascinating that they use so little of this data. With all of the regulatory pressures that are mounting and the responsibilities that insurers have, they are hugely exposed because of where the data is held and who knows about it. Obviously not all cases are equally sensitive, but there are tremendous amounts of very sensitive personal data sitting with the main insurers. CyNation can certainly help them in that regard, as a corporate entity in its own right.
“The other – and perhaps larger scale aspect – might see a firm like CyNation contributing to an insurer’s underwriting activities. This might be in a specific area like cyber risk, which I would call information security risk, but also in areas like Know Your Customer (KYC), anti-money laundering (AML) and various types of fraud attempts in claim situations. It doesn’t really matter what kind of claim it might be, because it comes down to what kind of activity has a certain client or third party been taking.
“What CyNation could do is provide an insurance company with the data needed to obtain a better real time, here and now continuous view of what risk exposure is actually posed by a client or potential client and hence what should be the price of coverage.
“This approach would differ from what happens now, where the insurance company does quite a lot of guessing and allows the potential client to say: ‘oh yes, we have a security policy in place’. However, nobody is really asking: ‘OK, but do you implement it? Have you had any breaches? What do you do with those breaches?’ The way that underwriting is done at present, that layer never really gets seen.”
