CEO Lloyd’s of London
This year’s UN climate summit feels busier and buzzier than ever – with industry, policy, research, NGOs and others all gathering discuss the urgent task of building society’s climate resilience.
It mirrors the scenes at Lloyd’s last week, where we saw a similarly broad audience – insurers, policymakers, academics, ethical hackers – gather for our inaugural cyber summit. Resilience was again on the agenda: this time, the need to build awareness and preparedness for potential cyber attacks.
With digital technologies now embedded in our organisations and communities – and the average small business cyber claim costing around $140,000 – cyber is a risk that threatens every one of us. And in our connected world, the potential impacts are much greater.
We’ve seen that play out in recent years, as the effects of Covid-19 and climate change have spread through our systems and societies.
But where climate is a realised threat that’s yet to fully mature; cyber is a mature threat that’s yet to be fully realised. And were a truly global cyber incident to happen, a virus in our technology could prove just as deadly and disruptive as a virus in our air.
So we can’t wait for an attack before taking action. The work has to start today, and the conversation must take place in every boardroom – and at every dining room desk – around the world.
The starting point is organisational resilience. And this isn’t the sole domain of tech wizards: 85% of cyber incidents could be prevented by the most basic IT hygiene – stronger passwords, multi-factor authentication, message encryption. In fact, 90% of breaches are caused by human error – so our solutions should focus as much on people as systems.
But it’s also vital to have the right protection in place. Knowing where you’re covered, and where you’re not, should be baked into every business resilience plan regardless of sector or size. Because if your business relies on payment systems – even if everything else is offline – it’s a digital business, and therefore carries cyber risk.
Yet when it comes to cyber insurance, there’s a huge gap. Most estimates put the global cyber protection gap – the potential costs not covered by insurance – at 98-99%. Even for frequent and visible threats like hurricanes, that gap is around 50%… so as insurers, we need to do more to raise awareness of the risks and the solutions that can take risk off of our customers’ balance sheets and onto ours.
Today, the Lloyd’s market provides around one fifth of global cyber insurance – a market we expect to treble between now and 2030. But we need smarter products, not just more of them. Through the Lloyd’s Lab and the collaboration of our market, we’re designing innovative new products – while pooling capacity and expertise to insure large risks. Most cyber solutions now go well beyond paying claims: offering access to experts who can help you respond and recover in a cyber event.
That innovation is helping us create more sophisticated and comprehensive solutions for our customers – but to build a cyber resilient society, a much wider effort will be needed. We need to learn the lessons of climate change and Covid-19 and get ahead of the risk before it materialises.
When it comes to cyber, we’re only as strong as the other links in the chain. Proactive resilience is the only course of action.
You can see more of our work on cyber at Lloyds.com.
https://www.linkedin.com/pulse/cyber-building-resilience-unrealised-threat-john-neal/
