16/06/2026
Risk is no longer confined exclusively to the realm of the tangible. In our hyper-connected world, digital threats can simultaneously affect companies, markets, and economies. Cybersecurity goes beyond systems and data protection and involves developing resilience in an increasingly complex global environment.
This was the kernel of one of the meetings held during the XXX Mapfre Global Risks International Seminar, which took place in Cáceres, Spain, recently. The session featured Daniel Largacha, Cybersecurity manager at Mapfre; Ignacio del Corral, global head of Corporate Risks at Santander Group; and Macarena Bandrés, head of Cyber Risk Management at Marsh. The panel was moderated by Julien San Quirce, manager of Third-Party Liability at Mapfre Global Risks.
Society’s growing digital dependence means this subject transcends the business environment. As was pointed out during the talk, “any one of us could leave home one day without our wallet, but not without our cell phone.” This reality is forcing us all to strengthen digital awareness in a context of careening technological transformation.
A volatile and unpredictable risk
Unlike traditional threats, cyber risk is difficult to predict and even to identify. “What’s certain nowadays, suddenly and without prior warning, ceases to be so,” assured Daniel Largacha during his first contribution. These risks don’t just affect the individual company concerned – they can reverberate through the entire ecosystem: an incident that arises in a small company can quickly spread through providers, technology partners, or supply chain systems and impact hundreds or thousands of companies in different countries.
This context means we need to review traditional analysis models. Static risk map approaches are glaringly lacking in the face of constantly evolving threats, which is why concepts such as technological maturity, governance, and resilience are becoming increasingly important.
Ignacio del Corral highlighted the complexity and transversal scope of cyber risks, which makes assessing them especially difficult. “It’s difficult to know how far a loss can go.” We know of some cases, like Jaguar, where a decidedly small spark ignited what turned out to be a fireball that impacted the company’s bottom line severley,” he warned. The experts agreed that the key to containing this risk lies in the safety culture: integrating protection from the outset in technology design and extending that responsibility to all stakeholders involved, including the insurance industry.
When technology advances faster than security
Every technological leap drives new capabilities and opportunities but also generates vulnerabilities that require rethinking security and risk management, with AI and quantum computing being the two most-cited examples during the talk.
In the case of AI, the participants agreed that it should be understood as another tool, whose impact will depend on how it’s adopted and governed. Macarena Bandrés recalled that “AI is nothing new – we’ve been living with it for quite some time now,” although she acknowledged that the acceleration of generative models has multiplied concerns around this technology.
Beyond the debate about insurance coverage, the experts pointed out that the real challenge is organizational and regulatory. Incorporating AI into any corporate structure requires new control mechanisms, specialized training, and governance frameworks capable of ensuring safe and scalable use. In this context, they emphasized the need for a coordinated response among companies, administrations, and international organizations to address the economic, social, and regulatory implications arising from this technology.
Alongside AI, quantum computing emerges as a less visible threat in the media, but potentially much more disruptive. Although it’s still in development phase, its ability to compromise current cryptographic systems is increasingly worrying specialists and organizations. Largacha, who emphasized the problem, warned that many of the mathematical principles on which current digital security is based could become obsolete when quantum computing reaches sufficient capacity. “Experts say that could happen between 2030 and 2035, and it’s imperative that we have our homework done properly by then,” he pointed out. The adaptation won’t be easy and will involve renewing applications, infrastructures, and complete systems.
Challenges facing risk management and insurance
Unlike other insurable claims, a digital incident can simultaneously affect thousands of organizations, transcending geographic boundaries, economic sectors, and supply chains. With the passage of time and increased hyper-connection, the risk becomes much greater. As an example of this new reality, Ignacio del Corral recalled two paradigmatic cases: the WannaCry and NotPetya attacks of 2017. Both situations laid bare the enormous capacity for these incidents to spread rapidly and have widespread impact. “They were very consequential attacks back then. Today, a similar incident would have a devastating effect,” he said.
In this context, the cyber insurance market is going through a particularly favorable moment for policyholders, with better conditions and coverage. However, Macarena Bandrés warned that although the frequency of claims has dropped compared to 2024, the severity of them continues to increase. Among the main threats are digital extortion, identity impersonation, and incidents originating in providers or supply chains. As an example, he cited the attacks suffered in 2025 by Marks & Spencer and the Co-op, which demonstrated how an adequate insurance strategy can make a difference in the ability to recover after a cyber incident. “The difference wasn’t found in the the technical sophistication, it was really a question of risk management,” he pointed out.
Towards shared resilience
Although technological solutions and the support of the insurance industry are fundamental, the discussion concluded with a central idea: the need to build collective resilience. The participants advocated moving toward public-private collaboration formulas capable of addressing systemic risk scenarios that exceed the response capacity of any individual organization.
Moreover, the discussion highlighted that cyber risk can no longer be understood solely as a technological problem. Its impact touches on business continuity, corporate reputation, financial stability and, in certain scenarios, even the functioning of strategic sectors and entire economies. As such, managing it properly requires a transversal vision combining technology, governance, security culture, and ability to anticipate.
For its part, the insurance industry must continue to function as a tool to guarantee security, promote prevention, and strengthen the necessary knowledge to understand, measure, and manage this type of risk. Beyond financial coverage, professionals in the sector provide support to better understand the exposure to all types of risks and prepare for an increasingly complex threat environment.
You can rewatch the whole Security and cyber risks: how to manage and secure the invisible risk presentation here.
Security and cyber risks – XXX Mapfre Global Risks International Seminar
