New cyber related options offer balanced approach of risk mitigation and insurance protection for businesses working toward cyber resilience
Zurich (Feb. 15, 2017) – Deloitte and Zurich North America (Zurich) are working together to provide services for their customers to help them better understand and protect themselves from cyber related risks. Initial offerings include risk mitigation options provided by Deloitte Risk and Financial Advisory Cyber Risk Services and risk transfer options provided by Zurich.
Deloitte and Zurich believe companies that identify the multitude of possible cyber risks and have a tested action plan in place are those that may be more resilient, and can more efficiently get back to meeting the expectations of their customers.
“Through our work with clients in the aftermath of cyberattacks, we see that organizations are often unprepared for the magnitude of the financial impact,” said Ed Powers, principal, Deloitte & Touche LLP, and U.S. leader for Deloitte Risk and Financial Advisory Cyber Risk Services. “A decision to invest in cyber insurance as a part of a broader cyber risk management program is important to help improve a company’s cyber resilience posture and take stock of the potential damage resulting from a cyberattack.”
Businesses carrying Zurich’s Security & Privacy insurance coverage will also have an opportunity to complement the coverage with a menu of pre-breach cyber risk assessment and management services through Deloitte to assist businesses in understanding their level of cyber exposure and resilience. The services include standards-based risk assessment of an organization’s threat detection and rapid incident response capabilities, as well as risk mitigation recommendations for customers.
“Deloitte is recognized as a leader in cyber risk advisory services with nearly 3,000 U.S. cyber risk professionals and Zurich is excited to provide our customers access to Deloitte’s breadth and depth of experience in cyber risk services,” said Bryan Salvatore, head of Specialty Products for Zurich North America. “Businesses should consider adopting a mindset of resilience through a balanced approach of mitigation and insurance protection.”
Deloitte and Zurich expect to work together on additional joint capabilities to be phased-in over time as the cyber insurance market continues to evolve.
To help organizations thrive in an increasingly fast-paced and complex technology landscape, Deloitte helps public and private sector organizations develop or strengthen risk-focused cyber programs. While it is impossible to prevent all cyberattacks, organizations can lessen their impact by making well-balanced investments in security controls, threat awareness and detection, and incident response preparedness.
In an effort to more fully measure the depth and breadth of cost an organization can incur, Deloitte recently published “Beneath the surface of a cyberattack: A deeper look at business impacts,” a risk-based report outlining the depth and duration of cyber incidents in financial terms. Looking at two sample cyberattack scenarios, the report demonstrates a model to quantify potential damage and identifies 14 business impacts of a cyber incident as they play out over a five-year incident response process. The scenarios illustrate some of the many ways a cyberattack can unfold and both clearly illustrate that the road to business recovery can be far more drawn out, more complex and more costly than imagined.
Deloitte has worked with more than a thousand clients globally in the last 12 months across all industry sectors, providing a distinct perspective on what happens in the preparation for and the response to a broad array of cyber incidents. The findings of the “Beneath the surface of a cyberattack” report includes insights for executives who not only understand the technical dimensions of cyber, but also have a deep understanding of how business value is created — and destroyed. Cyber risk is complicated and requires multidisciplinary approaches and the ability to integrate business strategy, operations and technology. A multi-pronged approach, of which cyber insurance can play a valuable role, is needed to better withstand the financial, operational and reputational implications of cyberattacks.
About Deloitte Risk and Financial Advisory Cyber Risk Services
As part of the market-leading Deloitte Risk and Financial Advisory practice, Deloitte’s Cyber Risk Services help complex organizations more confidently leverage advanced technologies to achieve their strategic growth, innovation and performance objectives through proactive management of the associated cyber risks. With deep experience across a broad range of industries, Deloitte’s nearly 3,000 U.S. cyber risk professionals provide advisory and implementation services, spanning executive and technical functions, to help transform legacy IT security programs into proactive, secure, vigilant and resilient cyber risk programs. Deloitte Risk and Financial Advisory cyber risk services works with our clients worldwide to better align cybersecurity investments with strategic business priorities, establish improved threat awareness and visibility, and strengthen the ability of organizations to thrive in the face of cyber incidents.
About Deloitte Risk and Financial Advisory
Deloitte Risk and Financial Advisory helps organizations turn critical and complex business issues into opportunities for growth, resilience and long-term advantage. Our market-leading teams help our clients manage strategic, financial, operational, technological and regulatory risk to enhance enterprise value, while our experience in mergers and acquisitions, fraud, litigation and reorganizations helps clients emerge stronger and more resilient.
As used in this document, “Deloitte” and “Deloitte Risk and Financial Advisory” means Deloitte & Touche LLP, which provides audit and enterprise risk services; Deloitte Financial Advisory Services LLP, which provides forensic, dispute, and other consulting services; and its affiliate, Deloitte Transactions and Business Analytics LLP, which provides a wide range of advisory and analytics services. Deloitte Transactions and Business Analytics LLP is not a certified public accounting firm. These entities are separate subsidiaries of Deloitte LLP. Please visit www.deloitte.com/us/about for a detailed description of our legal structure. Certain services may not be available to attest clients under the rules and regulations of public accounting.
Zurich Insurance Group (Zurich) is a leading multi-line insurer that serves its customers in global and local markets. With about 54,000 employees, it provides a wide range of property and casualty, and life insurance products and services in more than 210 countries and territories. Zurich’s customers include individuals, small businesses, and mid-sized and large companies, as well as multinational corporations. The Group is headquartered in Zurich, Switzerland, where it was founded in 1872. The holding company, Zurich Insurance Group Ltd (ZURN), is listed on the SIX Swiss Exchange and has a level I American Depositary Receipt (ZURVY) program, which is traded over-the-counter on OTCQX. Further information about Zurich is available at www.zurich.com.
In North America, Zurich is a leading commercial property-casualty insurance provider serving the global corporate, large corporate, middle market, specialties and programs sectors through the individual member companies of Zurich in North America, including Zurich American Insurance Company. Life insurance and disability coverage issued in the United States in all states except New York is issued by Zurich American Life Insurance Company, an Illinois domestic life insurance company. In New York, life insurance and disability coverage is issued by Zurich American Life Insurance Company of New York, a New York domestic life insurance company. For more information about the products and services it offers and people Zurich employs around the world, visit www.zurichna.com. 2012 marked Zurich’s 100-year anniversary of insuring America and the success of its customers, shareholders and employees.