The digitalisation of information, the widespread diffusion of devices always connected to the internet and the penetration of web-based services have revolutionised the operation of modern companies. Moreover, the current trends related to the diffusion of the Internet of Things and Industry 4.0 have multiplied the number of connected devices, and of devices controlled remotely and via software, even within traditionally non-connected production lines. This transformation also involves clear changes in the way companies perceive, manage and handle IT risk.
Computer security has traditionally been considered a set of constraints added to pre-existing business processes, satisfied through the adoption of appropriate technological solutions and the exclusive prerogative of the IT sector. This erroneous perception is now obsolete, and the most modern management approaches consider IT security a necessary requirement to guarantee the correct operation of all business processes. As a direct consequence of this change of paradigm, IT security becomes a cross-cutting issue, affecting everyone within a modern company: management is called upon to define its policies based on the company’s value chain, while the technicians must put in place all the measures necessary to implement the policies defined by management.
Impact of potential cyberattacks on risk management processes.
The tremendous impact that incidents and cyberattacks can have on a company’s ability to generate profit, together with the associated collateral damage (loss of reputation, penalties, legal consequences), makes it necessary to consider IT security in the risk management process that characterizes each activity of a modern organization. Cyber risk policies have emerged on the insurance market, which make it possible to transfer at least part of the risk associated with potential cyberattacks. However, unlike in auto or life insurance, for example, today’s insurance companies do not have a great deal of data from which to create models to calculate risk in the cyber realm. Therefore, more comprehensive and reliable cyber intelligence data is needed to increase the risk appetite of insurers.
Even with the potential of cyber insurance becoming more widespread, it is necessary to underline the problems that still afflict the cyber risk insurance sector. These factors risk slowing down the growth of the insurance market, effectively limiting the possible choices of IT risk management by managers and creating a gap between the expectations of those who intend to take out insurance against IT risk and existing insurance products.
Potential problems for purchasing IT risk insurance?
The main difficulties in this area concern three aspects that are fundamental for the whole insurance sector: risk assessment, the assessment of the damage and the definition of the limitations of insurance coverage.
Despite the importance of these problems, it is clear that IT risk insurance will be the protagonist of substantial growth in the near future. In order for this growth to be lasting and to contribute to the correct management of IT risk by companies and organizations of any size, new strategies and methodologies must be defined to obtain a more accurate assessment of the various types of IT risk, the damage caused and the dynamics with which incidents and attacks occur.