Insurers must collaborate more closely with each other and technology firms to improve their understanding of cyber risk and better serve their customers, the former CEO of Lloyd’s of London has argued.
Speaking at Infosecurity Europe today, Inga Beale explained that cybersecurity-related risk is one of the biggest rising risks facing global businesses, but also the one they arguably know least about.
“We’re trying as a sector to start collaborating together, with governments and with technology pioneers to gather data on all the incidents out there … to understand the scenarios in order to get pricing right,” she explained. “Insurance can be a wonderful way to mitigate risk.”
Lloyd’s is leading the way on this front by hiring cybersecurity experts of its own to analyze anonymized data and uncover insights. It now accounts for around a quarter of global cyber insurance sold, Beale claimed.
The data itself needs to cover a broad sweep of areas, not just technical information but also things like staff training, which is a “big factor” insurers take into account when drawing up premiums, she continued.
More generally, Beale bemoaned a persistent communications challenge between CISOs and board members. Although boardroom complacency about the cyber threat has largely disappeared, “most of the time we don’t understand what’s being said,” she argued.
This can lead to board members asking the wrong questions because they “don’t want to appear dumb” and security leaders answering questions that haven’t been asked, Beale added.
“We need a feeling of trust and safety that it’s genuinely OK to have a conversation about what the board members don’t understand and what the experts think are the biggest risks,” she said. “Because board members hate it if risk isn’t under control.”
A tactic employed by Lloyd’s to tackle this challenge is to have one or two tech experts on the board, although diversity in terms of members’ backgrounds is also important, Beale argued. Similarly, CISOs should help by dropping the technical talk and engaging on a personal level.
“Just having a list of metrics or dashboards is probably not the most helpful to a board,” she added.
“It’s curiosity, conversations and exploring everything, and never being happy with the status quo [that’s most important]. You need the intervention of the human mind.”