The warning to the insurance industry by the Prudential Regulation Authority (PRA) on the need for insurers to assess and anticipate the cyber-risk to which they are exposed through the policies they write for their clients is therefore timely.
Business advisory giant PwC says much work is still needed by insurers in order to measure and mitigate this risk. In a recent survey PwC found that less than 15 per cent of the insurers and reinsurers it cast the slide rule over said they had the data readily available to assess their exposure to rogue cyber attacks.
• READ MORE: Call for action as 1 in 5 firms hit by cyber attacks
This could be considered casual, particularly when more than two-thirds of the same respondents believe that the losses from a cyber “event” could trigger financial losses for insurers akin to those from extreme natural catastrophes such as Hurricane Katrina.
However, the bit of the PRA report that really caught my attention was its stricture that non-executive directors in particular should be held accountable for any failures to properly challenge management as they deal with cyber-security issues.
This is overdue. Non-executive directors – dismissed sardonically once by business magnate Tiny Rowland as “Christmas tree decorations” – have always seemed to get a lighter ride in the wake of corporate financial disasters than the executives.
For the regulator to say explicitly that, on one of the major risks du jour, independent directors should demonstrate that independence through robust cross-questioning in the boardroom is heartening.
Cyber risk is a major danger in our hyper-connected world. It is far too important, not just for corporates but for Britain’s vital infrastructure, to be facilitated by top-level groupthink.
What can we expect in 11 months?
June has proved unsettling for the second consecutive year. In June 2016 it was the Brexit vote; last month growth in services, manufacturing and construction all slowed. All bets seem to be off as to where we will be next June.