The approach of companies, insurers and governments to tackling cyberrisk needs a rethink, a senior Marsh & McLennan Cos. Inc. executive said Feb. 22.
There are "many well-intentioned efforts underway" to tackle cyberrisk, including regulations on reporting data breaches, such as the European General Data Protection Regulation, Marsh LLC CEO John Doyle said at an Organisation for Economic Co-operation and Development cyber insurance event in Paris.
But the global insurance broker's CEO added: "It can be difficult to feel that [many efforts are underway], though, as the number of cyberattacks continues to rise and economic damages increase. The logical conclusion is that what we are doing is not working.
"We need to rethink our approach ... Better strategies can be advanced, but business, insurance and government must do their parts to find a better path."
Companies needed to treat cyberrisk as an enterprise-level issue rather than just an IT concern, Doyle said, adding that private companies need to do a better job of quantifying risk and businesses must achieve cyber resilience.
"Cyberrisks cannot be eliminated, but they can be managed," he told the conference.
The insurance industry could also do a better job of teaching its clients about the benefits of cyberrisk cover, according to Doyle. "And we can produce better tools and models to help clients keep pace with risk," he added. "We can also improve information-sharing with key stakeholders, including governments."
Premiums for stand-alone cyber cover are "a fraction" of the premiums for other lines of business, Doyle pointed out, saying: "We have only scratched the surface on cyber insurance."
He added: "That's troubling when you consider that cyber assets — intangibles like data, systems, software — are growing exponentially while insurance investment as a percentage of cyber assets is so much lower compared to the physical assets."
Doyle blamed the low take-up rate on insurers being worried about the risk and buyers being confused about what the coverage offers.
"In many cases, they are not convinced that coverage will protect them or perform when needed."