Hackers a growing risk for insurers: Fitch

Insurance companies with better cyber defences also have higher credit ratings, according to new research from Fitch Ratings.

In a report, the rating agency said that it found a positive correlation between the cyber risk scores and credit ratings of 400 global insurance companies.

“This implies that insurance companies that focus on managing their own credit risk tightly also appear better at managing their cyber risks,” Fitch said

Cybersecurity is an increasingly important consideration for insurers, the report noted, as events such as ransomware attacks and data breaches are “a growing risk for insurance companies and is arguably reaching an acute phase.”

These kinds of attacks are rising at “an alarming rate,” the report said, citing several reasons for the trend that included “the potential for financial payouts, increased availability of tools to commit cybercrime, limited criminal enforcement to date and a growing digital footprint.”

Additionally, cyber attacks are becoming more sophisticated, Fitch said, with organized crime and “nation-state actors” increasingly involved.

“The global insurance industry experienced several high-profile cyber events in 2021. In particular, ransomware is an industry issue that is a growing concern,” said Keith Buckley, global insurance group head for Fitch, in a release. “As a result, cyber is becoming increasingly important to our ratings analysis.”

While cybersecurity is considered a non-financial risk, increasingly cyber attacks represent “a very real and growing financial impact,” Fitch said. “This results from breaches that require investments to offset risks and costs associated with fines, direct breach costs, reputational damage, supply chain interruptions and lost business.”

So far, Fitch hasn’t downgraded an insurer solely due to a cyber attack, but the rating agency expects that this will eventually happen.

James Langton

James is a senior reporter for Advisor.ca and its sister publication, Investment Executive. He has been reporting on regulation, securities law, industry news and more since 1994.