Zurich North America, Deloitte collaborating on cyber protection

Zurich North America and Deloitte reported on Tuesday that they are working together to provide services for customers to help them better understand and protect themselves from cyber related risks.

Initial offerings include risk transfer options provided by Zurich and risk mitigation options provided by Deloitte Risk and Financial Advisory Cyber Risk Services, Zurich said in a statement.

“Zurich and Deloitte believe companies that identify the multitude of possible cyber risks and have a tested action plan in place are those that may be more resilient, and can more efficiently get back to meeting the expectations of their customers,” the statement said.

Bryan Salvatore, head of specialty products for Zurich North America, noted that “Deloitte is recognized as a leader in cyber risk advisory services with nearly 3,000 [United States] cyber risk professionals, and Zurich is excited to provide our customers access to Deloitte’s breadth and depth of experience in cyber risk services.” He added that “businesses should consider adopting a mindset of resilience through a balanced approach of mitigation and insurance protection.”

Businesses carrying Zurich’s Security & Privacy insurance coverage also will have an opportunity to complement the coverage with a menu of pre-breach cyber risk assessment and management services through Deloitte to assist businesses in understanding their level of cyber exposure and resilience, the statement said. The services include standards-based risk assessment of an organization’s threat detection and rapid incident response capabilities, as well as risk mitigation recommendations for customers.

In addition, Deloitte customers working toward cyber resilience can now balance their risk mitigation solutions through Deloitte with risk transfer options provided by Zurich.

“Through our work with clients in the aftermath of cyberattacks, we see that organizations are often unprepared for the magnitude of the financial impact,” said Ed Powers, principal, Deloitte & Touche LLP, and U.S. leader for Deloitte Risk and Financial Advisory Cyber Risk Services. “A decision to invest in cyber insurance as a part of a broader cyber risk management program is important to help improve a company’s cyber resilience posture and take stock of the potential damage resulting from a cyberattack.”

Zurich and Deloitte expect to work together on additional joint capabilities to be “phased in over time as the cyber insurance market continues to evolve,” the statement said.

In addition to its collaboration with Deloitte, Zurich is involved in a “first-of-its-kind” public private partnership with the University of Maryland and the National Institute of Standards and Technology to develop a Cyber Portal to help businesses build resilience against cyber-related supply chain risks. And in August 2016, Zurich announced new cyber insurance solutions for captives.

Zurich Insurance Group is a multi-line insurer that provides property and casualty and life insurance products and services in more than 210 countries and territories. It is headquartered in Zurich, Switzerland, where it was founded in 1872. Its customers include individuals, small businesses, mid-sized and large companies as well as multinational corporations. In North America, the company is a commercial P&C insurance provider, serving the global corporate, large corporate, middle market, specialties and programs sectors through the individual member companies of Zurich in North America, including Zurich American Insurance Company.

As part of the Deloitte Risk and Financial Advisory practice, Deloitte’s Cyber Risk Services “help complex organizations more confidently leverage advanced technologies to achieve their strategic growth, innovation and performance objectives through proactive management of the associated cyber risks.” Deloitte’s nearly 3,000 U.S. cyber risk professionals provide advisory and implementation services, spanning executive and technical functions, to help transform legacy IT security programs into proactive, secure, vigilant and resilient cyber risk programs.