Israel’s cyber industry has always been a particular source of national pride, acting as both a crucial method of defense and a major part of our economy. According to the Israel Innovation Authority, a whopping 43% of Israel’s exports are attributed to technology and, within this, cyber security has repeatedly attracted the most funding and investor attention, raising capital of $2.9 billion this year. But the cyber trends of 2021 tell a different story of Israel’s cyber sector - one that has somewhat dampened an industry which so often carried the torch for its global peers in the past.
Covid-19 and its seismic impact on the world of work has, in turn, prompted another pandemic - one which is digital in nature. Society’s increasing reliance on networks and technology has caused cyber risks to skyrocket, resulting in a sharp uptick in the severity and frequency of cyberattacks. Despite its global reputation for cyber excellence, Israel has not been immune to these evolving threats, with Shirbit and Atraf marking some of the most notorious incidents that the country has ever seen. A 2021 Google report into global ransomware attacks stated that Israel experienced a 600% increase in reported ransomware attacks over the past year, making it the country most affected by ransomware since 2020. According to a 2021 Acronis report, 36% of Israeli companies experienced cyberattacks over the past year, when the world average stands at 30%. These figures should raise red flags in the minds of every Israel business owner, CISO, and IT manager. There is no doubt that Israeli innovation continues, and will continue, to shape the global cybersecurity industry abroad; however, these statistics suggest that too many Israelis, despite being surrounded by this dynamic sector, do not take their cyber hygiene seriously enough.
Achilles' heel
The past few years have, moreover, highlighted the true Achilles' heel of this industry: cyber insurance. This is a risk management technique via which network risks are transferred to an insurance company. Astute business leaders have realized that it is virtually impossible to completely eradicate cyber risks. No matter how elaborate your security system, if the FBI and Pentagon can be hacked (as we witnessed in the infamous 2020 SolarWinds attack), no-one is safe. However, it is possible to minimize the fallout via insurance.
Still relatively fresh to the insurance scene, the cyber liability policy has not yet reached peak maturity and its coverages and limitations are therefore volatile. However, a robust policy will provide vital protection in the modern world of data.
Figures show that Israeli companies, especially SMBs, lag behind their global peers in their uptake of cyber insurance policies: whilst a survey conducted by Marsh demonstrated that 50% of businesses around the world were holders of cyber insurance policies, the National Cyber Directorate reported back in 2019 that only 13% of Israeli companies had cyber insurance. These numbers have gone up since Covid-19, but any increase in uptake has been largely insubstantial. Trends indicate that businesses have been opting for password policies, software updates and early threat detection as popular cybersecurity controls, while cyber insurance is one of the least popular safeguarding methodologies. It is all too clear that Israeli organizations lack awareness of the cyber risks at hand and the return on investment that a targeted insurance policy could bring.
Rising premiums
Although the National Cyber Directorate has predicted that the cyber insurance market will grow six-fold in the next five years, any increase in demand will be stifled by painfully low supply. This is not a problem which is unique to the Israeli cyber insurance industry - the market has hardened all over the globe due to the increasingly vicious nature of cyberattacks following Covid-19. But in Israel premiums have risen at a faster rate than the global average, which itself has risen significantly in recent years. Along with this high pricing, insurers have started to limit their coverage, meaning that payout ceilings may be lower than the costs actually incurred by the insured party. The lack of economic viability experienced by Israeli business owners, together with a general lack of awareness, is one of the main constraints on the expansion of the cyber insurance industry in this country.
In addition to this, Israeli insurers typically lack the cash reserves to cover larger enterprises, since these businesses, increasingly dependent on network connectivity, carry an inherently larger cyber risk. The result is that SMBs, which are therefore most eligible to acquire cyber insurance policies, are also least aware of their need for it. Moreover, commercial insurers in Israel that do provide "cyber risk policies" tend to tack on cyber coverage to existing policies and rely heavily on international reinsurers to foot the bill. This means that cyber insurance pricing in Israel will fluctuate depending on changes in other sectors and foreign markets, failing to provide the much needed clarity and stability that cyber insurance buyers need.
Underwriting difficulties have also intensified in light of the ever-changing cyber climate. Faced with a constant barrage of new trends, insurers lack actuarial information on the likelihood of an attack materializing, making it difficult to predict the potential damage at stake. Insurers now demand proof of cyber hygiene before handing out policies and set minimum benchmarks, which most Israeli companies are simply not at the stage to hit. The acquisition process has become long and tedious, with questionnaire after questionnaire demanding minute details of a company’s security posture. Low readiness organisations are struggling to obtain affordable coverage, if at all - and those are the companies that will suffer the most when a cyber attacker strikes.
New insurtech tools
The good news is there are still innovators in the industry who are willing to take the challenge on. Israeli startups such as Parametrix, Kovrr and Cyberwrite have enjoyed international success with their insurtech tools, which assist cyber insurance professionals in their daily activities and enable more businesses to purchase policies. Other start-ups, such as the Cyber Insurance Academy, have taken it upon themselves to merge cyber and insurance education into a single online learning platform for insurance professionals wishing to learn more about the fastest growth product in their industry. "We are seeing emerging trends that Israel is no longer just a developer of cyber and insurtech tools, but also of industry knowledge and education," says Asaf Armoni, the Academy’s CTO. "We want to see this knowledge soaked up both in Israel and abroad," adds Guy Simkin, CEO. Indeed, the small yet mighty Tel Aviv start-up has disrupted the global insurance sector, attracting some big household names to its student community and achieving rare accreditation by the most respected international insurance body, the Chartered Insurance Institute in London.
The past couple of years have raised some issues of concern for the cybersecurity practices of Israel’s businesses. While demand for a more robust risk transfer mechanism may be on the rise, Israel’s insurance industry will have to catch up - and fast. If Israel plays its cards right, it could maintain its reputation as a world-leading cyber innovator, but it will need to educate its fellow citizens, as well as the rest of the world, for this to happen.
Syvanne Aloni works as a Marketing and Communications consultant in Israel and the UK, with clients spanning a variety of industries and sizes.
Published by Globes, Israel business news - en.globes.co.il - on December 22, 2021.
© Copyright of Globes Publisher Itonut (1983) Ltd., 2021.