Outside glass view of RPC building.

Cyber Insurance: Next stop, LATAM

12 October 2022. Published by Laura Thackeray, Senior Associate and Richard Breavington, Partner

This year BEC and ransomware top the list of cyber incidents around the world, taking an estimated 70% of the total incident response cases.

Threat actors have quickly realised they are ahead of the game in the race against regulatory and security organisations. Public and private sectors are being equally attacked with impressive success rates and limited signs of effective counteractivity. 

Governments and international organisations across predominantly the US, Europe, Canada, Australia and India are considering how best to respond and, more importantly, to protect their citizens and corporations from cyber-attacks which, now more than ever, pose a constant and highly damaging threat. Some of these policies have started to take effect, ensuring those regions are becoming slowly but surely less attractive targets to threat actors.  

The situation in LATAM, however, seems markedly different. Governments appear slower in their reaction to cyber risk. Political instability across the region does not help. The absence of joint efforts and any active pursuit of working collaboratively in developing both reactive and proactive policies to respond to cyberattacks leave this corner of the world exposed.  There are staggering numbers of incidents across key regional players, including Brazil (33 million attacks), Colombia (11.3 million attacks) and Mexico (7 million attacks) in 2021 alone, according to the Indice de Inteligencia de Amenazas de X-Force 2022.

The Need to React and Protect

Both public and private sectors have started to recognise that protection measures and counteractive policies must be at the top of the agenda. But these changes cannot be created in isolation. In order to be sustainable, they require the most important and, at the same time challenging, development of them all – a cultural transformation; a shift in the mindset where insurance (and in particular cyber insurance) is still placed in the 'luxury' category for businesses. 

In the last few years, the insurance industry has taken steps towards encouraging this change in the LATAM market. However, this progression is occurring at a much slower pace than in the rest of the western world. This is not helped by the disproportionate increase in cyber-attacks, and also the subsequent global hardening of the cyber insurance market. 

The Covid Effect

The COVID-19 pandemic has had its own key role to play in accelerating the process of incorporating cyber insurance for companies at all levels. Marsh and Microsoft joined forces to survey more than 1,000 LATAM companies in order to analyse the state of the cyber market in the wake of the pandemic1. The newly imposed working structures saw employers faced with the challenge of having to sign up to flexible and remote work policies, therefore increasing corporations' exposure to cyber-security risks. This adaptation to the 'new world', which is reluctant to look back, means that companies have had to include within their budgets a compulsory allowance for strong and secure Information Security tools, as well as putting in place a robust cyber-security policy which will provide effective support in the wake of a cyber incident. 

Nevertheless, there are still companies that refuse to assess and recognise the role that these tools play in order for corporations to survive in today's world. They sometimes opt instead for 'assuming' the risk, resulting in them potentially paying out on the consequences. 

Some others, who perhaps rushed to obtain protection at the pinnacle of the pandemic, no longer see the need to maintain or develop these means of preservation. However, whist the pandemic may go, cyber-attacks are here to stay. 

Now is an enthralling time for the global cyber market in Latin America. A continent packed with interesting proposals for those players with a hungry appetite for risk. It consists of a group of young nations pushed to grow and quickly adapt to the new world; small and medium economies obliged to update and upgrade in order to become a strong proposition. This provides an attractive destination for investors. But these prospects are not necessarily ready to undertake the cultural shift required to understand and fully appreciate the need to plan, protect and prevent, as opposed to react. Nevertheless, for those willing to take the risk, to help educate companies and raise awareness of the importance of effective preservative cyber protection policies, there could be a hefty reward. 

1Encuesta de Marsh y Microsoft sobre Riesgo Cibernetico en tiempos de Covid-19 en Latinoamérica - file:///C:/Users/LT10/Downloads/Encuesta_Riesgo_Cyber_Covid_LAC_2020.pdf