Operational Cyber risk in the differing business model of Insurance Companies: the example of Poland
Operational Cyber risk in the differing business model of Insurance Companies: the example of Poland

Summary/Abstract: Cybersecurity has become one of the greatest challenges in today’s post pandemic, digital and intercon- nected world, and also a subject of strategic importance for the insurance industry. There is no doubt that the advance of technology and the increased use of big data and cloud computing have set up an op- portunity for insurance business, but they also expanded insurance companies’ vulnerabilities towards cyber risk. As insurers collect a large amount of confidential data, including protected personal sensitive information, they are a natural target for cyber-attacks. On the one hand, the aim of the article is to indi- cate how the risks associated with digitalisation affect the day-to-day operations in selected business areas of an insurance company, and which methods may be used to manage them, on the other. After a general review of cyber risk based on recent branch reports and survey results, the authors identified its global economic impact with particular regard to financial institutions, and also insurers’ exposure and perception of cyber risk and cybersecurity spending. Moreover, administrative decisions issued by the President of the Personal Data Protection Office in Poland, selected jurisdictions and loss scenarios for insurance companies were examined with a deeper dive into underwriting, selling, administration and claims handling processes. The results of the literature study show that cyber risk is recognized to be one of the most significant non-financial risks (in terms of the source, not result of the risk) for insurers and that many proactive security measures can be implemented. However, due to the high vulnerability to leaks of confidential personal and financial data or unauthorized system access, which may cause not only financial loss, but also business interruptions and reputational damage, in the au- thors’ opinion, loss prevention and reduction are insufficient. Thus, both insurance and non-insurance methods of external financing cyber risk results were indicated. On this basis, the cyber insuranceis considered by the authors to be the best tool providing both prevention and financial compensation in case of cyber incidents, also in insurance companies.

• Details
• Contents