The importance of cybersecurity in the future can hardly be overstated. Organizations everywhere know this very well and are increasing their cybersecurity spending – which in turn propels the cybersecurity industry forward at an increasing rate. Similarly, there is an immense growth potential in the cyber risk insurance market.
“The cyber insurance market is rapidly emerging as a separate class of insurance, due to rising demand for cover for specific market risks,” reads a new report titled “The Future of Cyber Risk Insurance,” available here [Paid].
These “specific” cyber risks are not routinely covered under traditional insurance policies. These policies include commercial general liability and even professional indemnity policies.
Due to the inherent contrasts, insurers ought to start investing in research and the means to bring cyber-insurance products. Significantly, those who realize the cyber insurance market is still in its nascent stage, can be early movers in the market. For instance, Axa, a French insurer is already putting together a team of computer engineers and experts to form a centralized cyber group as a focused strategy to set itself apart in the cyber insurance market.
There are of course, challenges in the new domain. Insurers seeking rapid growth will face hurdles with cases of cyber incidents, of which there are plenty. There will also be unique challenges that early adopters face while coming up with pricing models.
Cyber Risks and their Significance
The World Economic Forum (WEF) already recognizes cyber risks as a potential global threat. Cyber risks rank among risk categories such as environmental, economic and geopolitical to figure in the top 10 risk categories in terms of likelihood and even impact.
The Allianz Risk Barometer 2015 also chimes in to rank cyber risk among the top five risks for businesses globally. None more-so in particular, than the insurance industry.
The numbers are staggering. The global financial impact of cyber crime plaguing businesses and corporations are estimated to be between $375 billion to $575 billion globally, according to a study by the CSIS or the Center for Strategic and International Studies. For developed nations, cybercrime could also have a human cost, besides dealing a financial blow. Cybercrime could also shift the unemployment rate. According to CSIS, over 150,000 people in Europe and over 200,000 in the United States have lost their jobs due to financial losses directly related to cyber crime.
Such numbers also bring an increase in cyber risk insurance purchases. According to Advisen’s cyber insurance buyer penetration index, cyber risk insurance purchases have increased five-fold between 2006 and 2013. The report cites AIG, ACE Ltd, Chubb Corp., March and Beazley Group Ltd. and Zurich Insurance Co. Ltd among the major insurance companies featured.
In a significant move that makes commercial sense for both businesses and organizations, the transferring of risk in exchange of a premium makes for a good call. Cyber risk insurance involves several value-added services such as reaching a specialist lawyer, crisis management experts or IT forensics experts at the critical time of a data breach. Cyber insurance products that are able to take care of such communication and factors will thereby be an attractive product for a customer to buy in to.
Standalone cyber risk insurance policies are also being sought after by business to cover the dangers of specific cyber risks. Such policies also include the cost of security or expenses such as notifications, regulatory fines and penalties and costs involving forensic investigation and restoration costs. Quite simply, standalone cyber risk insurance policies go beyond the limitation of traditional policies by providing cover for specific risks on a cyber platform.
Insurers are also opting for robust cyber risk management by collaborating with security experts while tending to businesses. A good balance between IT security measures and the transfer of risk as an insurance solution for cyber risk. The core competency of insurers sees their pricing and underwriting of risk while the cybersecurity experts they liaison with specialize in adapting the technology to deal with cyber vulnerabilities.
Despite all of the above, there are caveats with the cyber insurance market’s ability to deliver solutions. In an entirely unpredictable industry, risks faced by firms often tend to be unique to the precise industry they are a part of and policies will need to be adapted accordingly.
The future of the cyber risk insurance market will depend on the insurers’ ability to assess the degree of cyber exposure in tandem with the scale of the organization and the data types used by it, to determine a viable cyber insurance policy, both in its price and terms.