Deloitte and Zurich North America (Zurich) are partnering to deliver services for their customers to help them better understand and protect themselves from cyber associated risks.
Initial offerings include risk mitigation options provided by Deloitte Risk and Financial Advisory Cyber Risk Services and risk transfer options provided by Zurich.
Deloitte and Zurich believe companies that identify the multitude of possible cyber risks and have a tested action plan in place are those that may be more resilient, and can more efficiently get back to meeting the expectations of their customers.
Deloitte & Touche principal and Deloitte risk and financial advisory cyber risk services US leader Ed Powers said: "Through our work with clients in the aftermath of cyberattacks, we see that organizations are often unprepared for the magnitude of the financial impact.
"A decision to invest in cyber insurance as a part of a broader cyber risk management program is important to help improve a company's cyber resilience posture and take stock of the potential damage resulting from a cyberattack."
Businesses carrying Zurich's Security & Privacy insurance coverage will also have an opportunity to complement the coverage with a menu of pre-breach cyber risk assessment and management services through Deloitte to assist businesses in understanding their level of cyber exposure and resilience.
The services include standards-based risk assessment of an organization's threat detection and rapid incident response capabilities, as well as risk mitigation recommendations for customers.
Zurich North America specialty products head Bryan Salvatore said: "Deloitte is recognized as a leader in cyber risk advisory services with nearly 3,000 U.S. cyber risk professionals and Zurich is excited to provide our customers access to Deloitte's breadth and depth of experience in cyber risk services.
"Businesses should consider adopting a mindset of resilience through a balanced approach of mitigation and insurance protection."
Deloitte and Zurich expect to work together on additional joint capabilities to be phased-in over time as the cyber insurance market continues to evolve.
To help organizations thrive in an increasingly fast-paced and complex technology landscape, Deloitte helps public and private sector organizations develop or strengthen risk-focused cyber programs. While it is impossible to prevent all cyberattacks, organizations can lessen their impact by making well-balanced investments in security controls, threat awareness and detection, and incident response preparedness.
In an effort to more fully measure the depth and breadth of cost an organization can incur, Deloitte recently published "Beneath the surface of a cyberattack: A deeper look at business impacts," a risk-based report outlining the depth and duration of cyber incidents in financial terms. Looking at two sample cyberattack scenarios, the report demonstrates a model to quantify potential damage and identifies 14 business impacts of a cyber incident as they play out over a five-year incident response process.
The scenarios illustrate some of the many ways a cyberattack can unfold and both clearly illustrate that the road to business recovery can be far more drawn out, more complex and more costly than imagined.
Deloitte has worked with more than a thousand clients globally in the last 12 months across all industry sectors, providing a distinct perspective on what happens in the preparation for and the response to a broad array of cyber incidents.
The findings of the "Beneath the surface of a cyberattack" report includes insights for executives who not only understand the technical dimensions of cyber, but also have a deep understanding of how business value is created — and destroyed. Cyber risk is complicated and requires multidisciplinary approaches and the ability to integrate business strategy, operations and technology.
A multi-pronged approach, of which cyber insurance can play a valuable role, is needed to better withstand the financial, operational and reputational implications of cyberattacks.