This latest piece is by Andrew Martin, CEO and founder of DynaRisk. As more of our shopping habits, web history and personal data moves online, Andrew puts the case that every one of us needs to be more cyber aware, and protective of our data.
The threat to a person’s online information is at an all-time high. Our data footprints are huge; often far larger than many can comprehend. In today’s world, people are around 30 times more likely to be robbed online than be mugged. With the threat dynamic constantly changing, understanding how to be safe online is now more important than ever before. It’s estimated that cybercrime costs the UK economy a startling £11billion every year.
Unfortunately, the truth is that businesses and brands can’t do enough to keep the information they have on consumers safe; companies that hold large amounts of data will always be attractive to hackers and cyber-criminals who will find new ways to gain access and obtain this information, whatever the defences. This means that almost everyone is at risk to a certain degree, and online fraud is a problem that isn’t going away.
When it comes to insurance cover, as with many things, the level of risk will vary by individual. Some people are better at taking steps to protect themselves than others; taking care with privacy controls, unique passwords and investing in the best up to date security software. Providing an insurance policy should therefore be tailored to individual risk factors and inclusive of incentives for proactivity.
Personal cybersecurity scoring
Using advanced technology, building a system that combines personal risk factors with external data and algorithms can help to determine an individual’s level of risk online. For brokers, this allows for easy identification of where an individual is likely to need an insurance policy. Running background checks on a potential client ahead of a meeting could uncover data breaches they may not even be aware of. This also provides benefits for the consumer; a picture of a proactive and responsible person generated by these checks provides more information on the level of existing risk, and lower rates that could be offered to customers taking the right precautions.
Cybersecurity is often a concept people struggle to tangibly understand or relate back to real-world consequences. It is nebulous – you can’t see it or touch it. Consumers (and employees alike) are quick to sign up to new services and apps with little attention paid to the terms and conditions of allowing access to data and information. Similarly, the same usernames and passwords are used widely, and people don’t think about the significance of having such an open social media profile. But by putting a score or a number to online risk, the reality of the situation becomes more tangible, and people become incentivised to improve their score and do something about it.
A scoring system can also help to raise awareness of the potential dangers people may not have considered initially. For example, with scores adjusting in real-time based on behaviour, people will be able to see that clicking a phishing email will negatively affect their score and alert them to the dangers so that they are more vigilant next time.
Not only does a system like this provide benefit to consumers, but insurance businesses also stand to gain from a clearer picture of their customers. This brings with it the chance of offering additional services such as personalised advice going forward.
The enterprise benefits
While increased spending on technologies designed to stop cyber-attacks is a good thing, many enterprises still overlook cybersecurity’s biggest threat – human error. Last year, it was found that 88% of UK data breaches were caused by human error and not direct attacks. As such, there’s also an opportunity for enterprise cyber liability insurance through using a personal cybersecurity scoring model. By assessing the devices and digital footprint of staff, a report highlighting vulnerabilities paints a more accurate picture of the risks. Individual scorecards provide businesses with real-time metrics to monitor employee behaviour after relevant training has been provided. With this approach, staff are engaging on a continuous basis; aware of their scores and ways in which they can improve them.
These reports also allow companies to vet the accuracy of assessments made by other organisations wanting to determine partner risk. A company can share data from its security score reports with an insurer who can take it into consideration when underwriting policies. Again, this leads to more tailored premiums, and a rate that’s more accurate and fairer to the businesses that are proactively working to improve their cyber defences.
Cybersecurity scoring is not just of interest to insurers; it’s also indicative to other industries that predicting and quantifying threats can service large groups reliably and effectively. Businesses that can collaborate to create a proposition that solves fundamental problems and reduce premium costs, all while empowering people at the same time, will be most successful.