Technology is transforming the business landscape at an unprecedented rate, increasing the severity of cyber risks. Tiago Dias, Cyber Security Consultant at FM Global tells us how we can become resilient


More and more businesses are making use of new technologies. For example, IoT in the supply chain, AI to automate production - but these opportunities are surely matched with risks. How are new technologies changing the risk profile for businesses?

Companies have the need to reinvent themselves in a very competitive market and will be investing heavily in new business models in the coming years to increase efficiency and productivity. For example, according to Gartner, the number of IoT interfaces will increase to 20 billion in the near future. This will result in an increasing number of opportunities for hackers to conduct cyber-attacks, an issue that will need to be addressed by businesses. Additionally, many security features in industry are no longer controlled by humans, but by artificial intelligence. Whilst the growth of artificial intelligence may help business improve their cyber security, it will also be used as a weapon by hackers to conduct cyber attacks – part of an increasingly sophisticated toolbox that hostile actors possess.

Do these technologies make cyber risk more challenging? What are the biggest technology risks for companies?

The current development is a good opportunity for risk managers to assert themselves. As the number of attacks on organisations has continued to grow, the C-Suite has recognised that cyber security has to be a priority for the entire business. Technological innovations such as artificial intelligence and machine learning should certainly be a concern for businesses – the ever increasing sophistication of these technologies can be weaponised by hostile actors to conduct cyber-attacks. Those businesses which suffer a cyber attack are heavily impacted and likely to observe a decline in revenue – highlighting the importance of good preparation, emergency response plans and business continuity practices.

What steps do risk managers take to minimize and manage technology and cyber related risks?

It is essential that risk managers understand the dangers posed by cyber attacks – without this understanding it is very difficult to implement appropriate risk management. Properly applied, data analysis is a very helpful method for detecting risks and improving safety. For the risk manager, it is not vital to have an extensive understanding of the IT systems within their company. However, they must be able to consult with cyber experts who can provide them with an assessment of the potential challenges faced by the cyber security of their company.

Additionally, risk managers are interested in understanding technological trends such as artificial intelligence, blockchain and the Internet of Things to help perform risk management at a strategic level.

What role can insurers play in helping risk managers become resilient to cyber threats?

The value of insurers is that they can help identify, define and quantify risks. In this way, companies get a very accurate picture of the financial penalty suffered by a particular instance of property damage and business interruption. This should motivate risk managers to take measures to increase their business‘ resilience. In this case, insurers will also assist with their advice on minimising risks in order to reduce downtime and correspondent losses. Cyber expertise and loss prevention engineering, combined with a long term commitment to customers, are an effective means of preventing future cyber losses.