
LGPD and cyber insurance


Written by: Paula Caixeta - 01/06/2021

In 2020, according to the Superintendence of Private Insurance (Susep), the premiums paid to operators for insurance against cyberattacks doubled relative to the previous year, totaling R$ 43 million.

The scenario is linked mainly to two movements we are experiencing. The first is the intense digital acceleration triggered by the Covid-19 pandemic, which exposes vulnerabilities and opens numerous doors for cyberattacks, and the second refers to the implementation of the General Law of Data Protection (LGPD), which today is (or should be) on the strategic agenda of 10 out of 10 companies operating in Brazil.

With the LGPD, companies must define a new model for handling personal data collected in their processes, enforcing the requirements of the law, under penalty of large fines in cases of leakage of personal information of consumers and clients. If the rules are not complied with, the fines can reach US$ 12 million or up to 2% of the company’s annual revenue.

In Brazil, the topic is of concern, since the country is one of the most exposed in the world and many companies are late in the process of adapting to the LGPD. A recent survey shows that the percentage of companies considered to be behind in the adaptation task is 82%, so there is still a long way to go.

How can cyber insurance collaborate in the context of LGPD?

While cyber insurance does not purport to replace adherence to LGPD requirements in any respect, protecting yourself from exposures that may still exist even with compliance with the law is fundamental to your risk management strategy. And this applies to companies of all sizes, from small entrepreneurs to large corporations.

The damage generated by incidents involving digital assets and data is significant. A recent study by IBM Security shows that data breaches cost companies, on average globally, $3.8 million.

We know that insurance in itself does not prevent risk, but it strongly collaborates to control its consequences, bringing protection to companies regarding liability for the incident, in addition to ensuring business continuity by mitigating the financial impacts related to the new legislation, investigations, and indemnities.

Hard market scenario

With the increased exposure of companies, the accident rate has also been showing an upward curve. Added to this context is the hard market cycle that has been imposed since 2016 on companies that are consumers of insurance solutions.


Source: Council of Insurance Agents and Brokers Q4 2020 P/C Market Report

When we analyze the year 2020, increases of up to twenty percentage points are observed for rates in the property damage and third-party insurance lines. Meanwhile, lines of insurance pressured by emerging risks, such as D&O and Cyber Risks, showed even larger rate increases.

Digital risk management and cyber insurance

In order to transfer risks in the most qualified way possible in this scenario, it is necessary to have a personalized look at the reality of the business. And, as always in the insurance sphere, it is also worth pointing out that good prior work helps – a lot – to mitigate risks and achieve a good negotiation.

This means that being proactive with regard to the data protection scenario is fundamental not only to avoid problems and losses, but also to obtain a good scenario when placing the policy.

Among the initiatives that make a difference in digital risk management, I highlight employee training, since employees often end up being gateways to attacks such as phishing and ransomware, as well as adequate governance and information security processes.

But is your company really prepared to face a cyber attack?

It is worth considering, for example, whether you would know which team to call upon and which mechanisms to use to lessen the financial and reputational impacts. After all, to prepare, the first step is to know how to protect yourself.

At Horiens, in 2020 we entered into a partnership with GC Security precisely to help our clients gain an increasingly broad view of the subject, combining cyber risk governance and assertive cyber insurance contracting.

It is important to be prepared and protected, because despite the already significant increase in the volume of cybercrime, there is no doubt that this is still an emerging risk. If you would like to learn more about how we can support companies on the agenda of cyber risk, send me a message or access the contact area on the Horiens website to start a conversation.
