As a sector intrinsically tied to digital technology, cyber insurance is known for its dynamic and evolving nature. In 2019, the cyber insurance industry began to grapple with multiple headwinds such as record General Data Protection Regulation (GDPR) fines and the introduction of new privacy regulations. In 2020, the landscape only became more complicated as the COVID-19 pandemic forced businesses into remote working arrangements that have made cyber risks a bigger threat still.
In the wake of the COVID-19 pandemic and the resultant implementation of social distancing directives, altered business processes and new economic realities, businesses must review and address their technology infrastructure and cybersecurity measures, according to Guy Carpenter-affiliate Marsh. The swift changes brought about by COVID-19 — including the movement of a large portion of the workforce to telework and the expansion of e-commerce footprints — has caused many companies to implement new IT capabilities ad hoc. Some provisional solutions have bypassed normal development, approval and deployment processes, which have often stretched or violated existing cybersecurity policies at the same time that the activity of bad actors has increased globally.
Preparing for the Post-Pandemic World
As social distancing measures abate — and ahead of a possible second wave of coronavirus cases — organizations will need to de-risk the enterprise and adapt operations to a “new normal.” This will require a thorough evaluation of pandemic-driven IT and cybersecurity changes, some of which were rapidly put in place during the response phase of the pandemic, followed by strategic adjustments of enterprise architectures, cybersecurity controls and business processes based on long-term operating strategies.
Even during “normal” times, policy often lags behind reality in today’s IT enterprises. In the pandemic rebuilding period, policy and documentation will need to catch up. Some changes made to address the pandemic may need to be institutionalized; others may need to be replaced with more secure and permanent solutions. All changes should be viewed through a resilience lens, leading to a more agile and secure future for businesses.
Guy Carpenter’s Cyber Global Center of Excellence is actively following and responding to significant developments in the cyber risk sphere and helping clients adapt to evolving technologies.