In this episode of the S-RM Insider podcast, resident cyber experts Kyle Schwaeble and James Tytler are joined by two special guests; Liam Cattermole-Ward, Senior Claims Adjuster, from Munich Re and Rosehana Amin, Partner, at Clyde & Co LLP. Together they discuss the latest in ransomware trends, key developments in the cyber insurance landscape and the differences between large enterprise and SME incident responses.
Listen to the S-RM Insider podcast
 |
 |
 |
 |
Mission impossible? Predicting the future of cyber threats
Our panel started with an examination of the current landscape of cyber threats, with the group agreeing that law enforcement takedowns of major cyber criminal groups are likely to continue and be successful. However, Roshana also projected an increase in ‘lone wolf’ attacks. She highlighted that these smaller, less familiar threat actor groups complicate cyber security defences, breach responses, and legal compliance. "It's making attribution harder for us and for the organisation as we talk to them and they ask 'who are we dealing with?'... We don't really know who's really behind it," she explained.
The state of cyber insurance
Moving to the insurance angle, Liam expressed that there is a general push to grow cyber insurance books. But he also emphasised that insurers need to carefully manage the increased risks brought about by larger portfolios, ensuring that growth is rooted in sound underwriting and accurate risk appetites. "Growing at a sensible rate, and making sure that the underwriting is sound and the actual risk appetite is correct because it's an ever-evolving landscape," Liam asserted.
Laim also pinpointed that APAC as a region is ripe for growth in cyber insurance. "When you look at the untapped element there, I think the growth is huge," said Liam, a sentiment Roshana agrees with, but she also notes the growth in data privacy regulation in the region too, citing the new Digital Personal Data Protection Act that was passed in India last year and China’s privacy laws passed in 2021 as examples. "So as the cyber insurance market looks for opportunities to grow, we need to keep an eye on the regulatory landscape... Understanding that organisations have obligations to notify and then understanding the value of data."
AI can impact every line of business when you boil it down – it's just another tool."
Dangers and benefits of AI technology
The experts agreed that Artificial Intelligence (AI) technology is a double-edged sword. As Rosehana notes, "We've had lots of queries from insurance [companies] to understand how AI can both be a risk and opportunity for the market." Kyle notes from cyber security standpoint, there's probably been an overreaction on the threat it poses so far. "I don't think it's necessarily revolutionising the threat landscape, but we are seeing AI being used a little, for example when it comes to crafting phishing emails. But I wouldn't say a dramatic increase as yet. We're also seeing AI being used a little on the defensive side, looking to identify new threats in a breach for example." Liam also raises a crucial point that AI risks are not confined merely to cyber realms, "AI can impact every line of business when you boil it down – it's just another tool."
Does company size make a difference?
The discussion then shifted to the differences and challenges encountered by SMEs versus larger enterprises when dealing with cyber security responses. Rosehana highlighted that from her role as a breach coach, finding out where the client's data sits and how the data might be impacted, especially for international multi-jurisdictional breaches, is a key challenge.
When it came to discussing legal claims and long-tail risks, Rosehana underlined that, more often than not, the size of the business doesn't dictate the extent of the legal challenges as much as the sector they're operating in does. She pointed out, "It's less what to do with the size of the business, but more to do with potentially the sector they're in."
Liam agreed with the legal perspective and also highlighted the challenging element of budgeting for potential litigation in the wake of a cyber incident. He underscored the necessity for cyber insurers to anticipate long-tail outcomes that might not emerge until several years after the occurrence of the incident. "Growing at a sensible rate and making sure that the underwriting is sound and the risk appetite is correct – because it’s an ever-evolving landscape – is the biggest challenge for the market at the moment," said Cattermole-Ward.
Teamwork is key
In wrapping up the discussion, the panel agreed that in the dynamically shifting arena of cyber security, the strategies and tactics employed by insurers, companies and cyber security experts need to be flexible, anticipatory, and agile. Collaborative interactions are key, reinforcing the importance and value of trusted partnerships that ensure smooth and efficient responses.
-1-1.jpeg?width=121&height=121&name=MicrosoftTeams-image%20(11)-1-1.jpeg)
