JLT prescribes a top-down approach to cyber risk

Multinationals must protect their intangible assets by taking a top-down approach to cyber risk, according to JLT head of communications, technology and media practice Peter Hacker.

About 80% to 90% of a larger corporation’s value is driven by intangible assets, says Hacker, who identifies intangibles as comprising data, intellectual property, content, brand and reputation, which are most under threat from cyber attacks.

By taking a top-down approach to managing cyber risk, Hacker believes large corporates can better understand their exposures and seek unique risk transfer solutions that protect the firm’s intangible assets.

Speaking at the launch of JLT’s iPI+ (intangibles protection insurance plus), Hacker said: “One in every two chief executives or senior management is not directly involved in IT and cyber security threat analysis. This leads many firms to look at the problem from a bottom-up approach instead of top-down or it is being approached in an isolated way, vertically instead of horizontally.

In support of its clients, JLT aims to bring the severity of risk attached to intangible assets to the consciousness of boards and executives by allowing them to “feel” the effects of a cyber attack on their business using a new diagnostic tool, Cyber Incident Simulation, in partnership with Cybercrime Research Institute.

Interlinked with the iPI+ solution, the simulation gives executives, board members and stakeholders the opportunity to visualise and experience an attack on the firm’s intangible assets.

Cybercrime’s Professor Dr Marco Gercke said:  “The main idea of this simulation is that you can go beyond words because you can talk to a chief executive of a company and say this is your risk, this is the threat and the potential damage that can happen, but only speaking about it is not really effective. In response, we developed this simulation and the idea is to allow people to feel it.”

The simulation provides an all-round experience that also demonstrates how senior management can be targeted on an individual basis.

Hacker believes this approach will encourage chief executives at multinational organisations to implement a top-down approach toward cyber risk and seek solutions appropriate to the firm’s specific exposures and vulnerabilities.

“Every solution for a major corporation needs to be bespoke. It can’t simply be replicated because they can be confronted with different data directives, different outsourced suppliers or different ideas of internal vulnerability as far as hacking or malware cases are concerned, of which about 80% are committed by insiders,” Hacker said.

He added: “In the past 12 months, JLT has been investing a lot of time into a claims database.

“It means we are now in a position talk to corporations on an industry-specific basis about what limits they should buy, what deductibles they should buy and the structure of insurance wording they should look into.”