“Whether a cyber attack is covered by an insurance policy may depend on the motive for the attack and its perpetrator … as this will affect whether clauses and exclusions for cyber insurance can be considered”according to a recent report issued by the CRO Forum which was entitled “Cyber resilience – The cyber risk challenge and the role of insurance.

Also the report makes this observation about the Chief Risk Officer (CRO) who:

…has an important role to play within an organisation in working with internal stakeholders across business functions to promote awareness and understanding that support effective risk management of cyber risk” 

Here are 5 factors influencing the threat landscape:

  1. The cloud – Businesses are becoming far more complex as they outsource bespoke requirements and large scale infrastructure to external cloud providers.
  2. Shadow IT -The growing use of “shadow IT” – when business functions procure IT solutions without involving the IT department – is eroding organisational boundaries.
  3. Mobile and flexible working – The rush to provide new services on platforms such as mobile devices and through social media is exposing companies to unforeseen risks and new technologies that are less understood.
  4. Bring your own – The traditional boundaries and tight controls enjoyed by IT are being devices eroded as organisations embrace “bring your own device” (BYOD) solutions and web collaboration services to support mobile working and customer engagement.
  5. Internet of things – The growing connectivity of devices via the internet (e.g. smart home appliances) is increasing society’s vulnerability to cyber attacks on control and infrastructure systems.

In order to minimize disasters and have the right insurance coverage all businesses must understand their cyber risks.