In my experience, I do not consider that insurance is the absolute solution to the problem, and in part the mistake that is often made is to start looking for a policy of this nature, when the minimum cybersecurity controls and measures have not been adopted. Insurance is part of a solution that must be comprehensive, but it must be the consequence of an adequate and appropriate cybersecurity strategy.
In Latin America we have found major shortcomings in terms of cyber security controls and companies, not in a specific industry, the low cyber maturity of our continent, as far as we have been able to see, does not discriminate industry, as well as cyber risks, either. They have preferred industries and I consider that this is the first point to be covered.
Years ago it was considered that companies in the financial sector were the most sensitive to suffer an attack or be victims of any cyber risk, in principle due to the large amount of data they handle and the little specialization in cybersecurities that was found.
However, the years have shown us that the vulnerabilities are not only in the data, that, although they are very important, there are other weaknesses that in my opinion were evidenced thanks to the pandemic, and it is the high dependence that the companies of all the sectors have systems and networks. Therefore, we have to go beyond the industry or activity of the company, if it handles data and works through systems, it is vulnerable.
As complete as the insurance may be (depending on an adequate underwriting and placement process), it is not the only solution to the problem, and the way in which many companies identify it must evolve. Insurance is a support when suffering a severe impact as a result of an event, but the ideal is that the companies that take it, or intend to take it, do everything diligently possible to avoid the occurrence of the event.
The different events that arose as a consequence of the pandemic; for example, the significant increase in ransomware cases has led the insurance and reinsurance market to specialize much more in the matter.
Now the underwriters in charge of risk analysis of companies seeking to be insured are much more technical and perform a more detailed and thorough underwriting process. Some markets even rely on expert cybersecurity companies to analyze future policyholders in detail.