Small and medium-sized businesses are often left uninsured or underinsured when it comes to a catastrophic cyber event. Mass cloud outages, such as the recent global IT outage that disrupted systems across multiple industries, are an example of a cyber incident that is currently considered insurable up to a certain level of financial loss.
A whitepaper from Marsh McLennan (NYSE: MMC), the world’s leading professional services firm in the areas of risk, strategy and people, and Zurich Insurance Group (SWX: ZURN), a leading global multi-line insurer and provider of resilience services, highlights the critical need for greater public sector involvement to strengthen societal resilience in the event a catastrophic cyber event occurs.
The whitepaper, Closing the cyber risk protection gap, emphasises the urgent need for innovative solutions to close the gap between risk and insurance—particularly for small and medium-sized businesses that are often uninsured or underinsured—as rapidly-evolving cyber threats are outpacing the capacity of traditional insurance and risk management solutions to fully mitigate them. It highlights mass malware and mass cloud outages as examples of cyber incidents that are currently considered insurable up to a certain level of financial loss and events such as critical infrastructure failure, which are generally considered uninsurable.
According to Spiros Fatouros, CEO Marsh McLennan, Africa and South Africa, rapidly evolving cyber threats in South Africa are outpacing the capacity of traditional insurance and risk management solutions to fully mitigate them. This is also evident in the Global Risks Report 2024 by Marsh McLennan and Zurich Insurance Group with cyber security ranked as the top four most anticipated global risk in the next two years. Over the coming years, more sophisticated cyber defences will shift targets towards less digitally literate individuals or less secure infrastructure and systems.
Fatouros says: “In the near future, we could expect to see further unprecedented outages impacting business. As SMEs integrate into the global digital ecosystem, they encounter new risks and vulnerabilities that must be dealt with. Regardless of size or revenue, any organisation must start prioritising cybersecurity and to close the cyber risk gap.”
“From strengthening resilience to managing catastrophic risk, insurers, governments, and technology providers should strive to establish the right partnerships to ensure that there are viable solutions in place should an extreme cyber incident occur. This is particularly true for African businesses that are vulnerable to large-scale global cyber incidents.”
The whitepaper recommends that greater societal cyber resilience is necessary and outlines a framework and strategy for the insurance and public sector industries to implement.
According to the whitepaper, establishing a common framework for data sharing, greater and more meaningful collaboration, and innovation between the insurance industry and public sector is required to help tackle this protection gap, strengthen resilience, and safeguard societies and economies from the escalating cyber threat landscape. This not only includes ransomware attacks and threats from bad actors, but global IT outages and other increasingly interconnected incidents.
