Maturing markets: cyber insurance in Latin America

Carolina Carmona, assistant vice president, financial lines manager at Liberty Specialty Markets Latin America, sets out the current landscape of the cyber insurance market across the region.

Latin America and the Caribbean make up 6 percent of global GDP across more than 30 countries, ranging from highly developed to emerging markets. In both the public sector and private enterprise, digital opportunities and risks are growing.

This is against a backdrop of a digitalising global economy, with increased cyber exposure to organisations across the South American continent. Internet penetration in Latin America is above global averages (at 75 percent, compared to 65 percent), as mobile banking, e-commerce and digital government services are increasingly subject to sophisticated cyber threats.

A particular feature of the regional economy is the preponderance of SMEs, necessitating resilience building above the enterprise level, with sector and state collaboration urgently required for cyber resilience.

Experienced risk carriers from outside the region can provide risk mitigation advice and support through their networks, but the maturing economies of the region need to act quickly to prevent breaches.

Sophisticated cyber threats require a sophisticated risk management strategy

“Booming growth” (to use a phrase from a recent Deloitte report) across the region is increasingly attracting advanced cybercriminal enterprise. Cyber exposures total 1 percent of GDP; if critical infrastructure is included, that figure rises to 6 percent.

Phishing and ransomware attacks are currently the greatest threats, with ransomware-type digital crime making up 79 percent of cyber events in Latin America versus 53 percent globally. While we, as insurers, have seen a marked improvement over the past three years in internal measures taken to mitigate these risks, including procedures for data recovery, more systemic approaches are required.

Efforts to create robust legislative responses have been fragmented at best, however, with Brazil and Argentina developing independent strategies and many other states lagging. Data transfer policies, in particular, require standardisation in order to better protect cross-border enterprises. The creation of limitations, barriers and safeguards on data processing for digital enterprises can ensure their continued safety in the long run and must be a priority.

Reactive-only responses to cyber threats are no longer a sufficient option. We need to improve risk assessments, training and malware awareness among staff as well as create effective post-event strategies. Organisations across Latin America are facing sophisticated threats; the planning and preparation must be even more so to prevent or mitigate them.

Resilience through collaboration

Regional digital economic leaders such as Mexico, Brazil, Argentina and Colombia present a level of private market maturity more commonly associated with the developed states of North America and Europe, while elsewhere, a number of public sector entities are relying on third-party expertise to build out their resilience.

From a cyber insurance perspective, Latin America presents a great opportunity to combine local and external capacity and expertise, fuelling the extraordinary economic rise of the region in the next digital age. Experienced capital- and knowledge-rich insurers from outside the region can contribute to building cyber resilience by facilitating collaboration.

In many ways, this could resemble efforts around a decade ago in the European market. Service providers, accountants, lawyers – as well as, of course, insurers – all have a vested interest in building cybersecurity across the region. In Europe, this combined pressure led to legislative and regulatory efforts, supported by insurers, to improve safeguards. Similar efforts are being undertaken in Latin America, with increasing political support, and as risk carriers, we hope to aid in building this vital collaboration.

Building cyber awareness across organisations

A recent CISO Conference organised in the region is a step in the right direction, and we are prepared as insurers to support these efforts through our networks, in collaboration with brokers and risk managers.

Cybersecurity needs to be given the priority it deserves and should be at the forefront of C-suite and political leaders’ thinking when creating plans for growth. The region is growing exponentially and cannot afford to ignore the sophistication of cybercriminals. As insurers, we are ready to support with our knowledge, but the ball is, ultimately, in the region’s increasingly mature court.