Insurers urged to tackle cyber risk from top down

Cyber risk must be addressed by insurers at the boardroom level, according to an EY report.

Increasing digitisation of the industry’s ecosystem, from front-end to back-end operations, requires a change in mindset, because about 59% of insurers lack executive support and view budget constraints as the main hurdle to handling cyber risks, it warns.

“As cyber risk is abundant within the digital age, it is essential for the board to have cyber security as a priority on its agenda and embed major discussions and decisions on cyber risk continually at board meetings,” the report, Cyber Strategy For Insurers, says.

“The board is responsible for understanding the risks to the organisation, defining cyber-security governance and setting the expectations for management.

“Cyber security is an organisation-wide risk that should be managed by the board on an ongoing basis through assessments of current cyber-security practices.”

The CEO and C-suite team should be fully embedded within the organisation and operating model, with clearly defined roles and responsibilities. This will produce leadership with the ability to address important cyber-security questions should a breach occur.

“A real corporate culture of awareness and leading practice will set the organisation apart and enable an adequate level of preparedness and responsiveness.

“Insurers need to implement processes to drive the adoption of leading practices and enterprise-wide acceptance of cyber-risk culture. Insurers need to minimise the silo approach, to increase interaction between functions and improve the flow of information.”