INTERVIEW: GERRY GLOMBICKI, FITCH RATINGS
More ransomware drives cyber price
Ransomware attacks continue to soar, demand is rising for insurance coverage and insurers need more data, according to Gerry Glombicki of Fitch Ratings.
The cyber insurance world is a rapidly changing landscape but Gerry Glombicki, senior director at Fitch Ratings, is adept at keeping abreast of the constant twists and turns in this world.
Speaking to Monte Carlo Today, he provided an overview of the soaring frequency of ransomware attacks, price increases and the future of the industry.
The short answer of why ransomware is proliferating, according to Glombicki, is that it’s a profitable enterprise for the ransomware actors.
A slightly more in-depth answer is that while ransomware attacks are profitable, and certainly some actors are seeking profit, some people’s motivations are simply to cause harm or disruption.
With increased attacks comes increased demand for cyber cover. However, rising numbers of attacks are not the only factors at play.
“Boards of directors are being held more accountable for this risk,” said Glombicki, adding that this is driving more board-level discussions.
“Boards of directors are being held more accountable.”
Gerry Glombicki, Fitch Ratings
Demand for coverage alone isn’t necessarily driving price increases, although it certainly puts pressure on the capacity, he added.
According to Glombicki, the combination of an increase in ransomware attacks, more frequent cyber events and an increase in the paying out of claims are driving an increase in pricing.
Predictability and products
Turning to how companies can help minimise their cyber risk, Glombicki set out staff training, multifactor authentication, and better monitoring of the systems, while noting that the weakest link of the cyber chain is humans.
“The attackers have to be right only once but you, as a defender, have to be right all the time. If you look at those odds, it’s pretty staggering. The biggest thing—not necessarily to eliminate the risk, because that is not going to happen—is to minimise the risks and do it an acceptable way,” he said.
But, given the magnitude of cyber risk, the re/insurance industry faces difficulty.
“What happened last year is different from what happened three, five or 10 years ago in terms of the risks.”
“One of the problems that the re/insurance sector has is getting good data on this risk. What happened last year is different from what happened three, five or 10 years ago in terms of the risks.”
Attempting to predict the future is difficult with auto insurance, he added, and even harder to do with liability and cyber insurance.
Glombicki warned that the telemetry is always changing. “I can look at the cyber profile of company X now and say ‘here are its vulnerabilities, and here’s its score’. Tomorrow that can change both positively and negatively,” he said.
But he is confident that the future holds opportunity on this front. He believes that the industry will be able to obtain more real-time data on the telemetry of the underlying companies themselves.
He suggested that instead of conducting one-time or quarterly assessments, insurers may begin asking for more frequent information. Simply putting a monitoring device on to a company’s network would not be easy, given the many questions surrounding privacy, and Glombicki noted that the ultimate goal was to obtain more real-time data to better accurately reflect the price and the risk.
“The idea of risk elimination is not happening in the cyber world, and to think we’re going to solve all the problems overnight or with some type of technology is not going to be the case,” he concluded.
Gerry Glombicki is senior director at Fitch Ratings. He can be contacted at: gerry.glombicki@fitchratings.com
Main image: Shutterstock / Brian A Jackson