A recent wave of high-profile cyber-attacks — with objectives ranging from disrupting critical infrastructure to influencing the US presidential election — has heightened attention around the need for stronger security and governance measures in the public domain. Technological advances have also facilitated a significant uplift in industrial espionage, which could grow further in an era of state-sponsored use of cyber technology. Meanwhile, the future weaponization of AI and robotics by rogue states or terrorists and the scope for hacking global satellite systems are also firmly on the radar of security specialists.
As businesses embrace innovation, they also take on new risks. Not only are companies buying and employing technology that creates new exposure, their IT systems are becoming increasingly connected to those of other companies in their value chain, such as suppliers, customers and utilities. Additionally, more IoT devices are being deployed to improve productivity or increase safety. This expanding interconnectedness, often facilitated by devices with limited security, creates additional points of vulnerability to cyber-attack and makes assessing the risk permutations that much more difficult.
Other innovations in the technology landscape, such as the migration of data and software to the Cloud and the use of AI and robotics in commercial applications, are also shifting the nature of cyber risk. At the same time, companies implementing innovations may be assuming, through legacy contracts, new liabilities where legal precedent is embryonic at best, along with vulnerabilities they will find challenging to mitigate or transfer into insurance markets.
Cross-border data flows are being slowed by a rise in government intervention. Some measures are aimed at consumer protection. For example, the European Union’s General Data Protection Regulation (GPDR) is driven primarily by privacy concerns on personal data. Other initiatives are aimed at state protection, driven by heightened security concerns. These measures enforce a range of protectionist policies, including prohibitive technical standards, censorship, surveillance and data localization. China, for instance, has joined Russia in tightening the requirements placed on foreign companies to store information within national borders. Increasing regulation is complicating the space for business to work in and aggravating “splinternet” tendencies.
These trends may present significant challenges for businesses. Compliance with new regulation could be costly, and failure to comply could result in significant sanctions. Restricted access to digital supply chains and markets will create complexities for firms with global operating models. In an era of heightened nationalism, this direction could threaten open global competition.