Published on August 16, 2018 by Aditya Singh
Insurance is essentially the mitigation of risk. In the evolving business world, as digitization makes its way up it is changing the nature of risk. In the virtual, digital and cyber space, risk has transformed so much that it has become hard and expensive to evaluate. Evidently, modern day businesses face risks that are beyond the scope of the traditional insurance cover. This was apparent in few recent incidents:
Uber Technologies Inc. apparently paid $100,000 to a man from Florida to hide a data breach by the man that exposed 57 million users, including 600,000 drivers, in October 2016. Uber gave this money to the hacker under a reward program for security research aspirants who find loopholes in the company’s software.
Equifax, a consumer credit reporting firm in the US, faced personal data breach by hackers that was claimed to be the third major cyber attack since 2015. Hackers gained access to Equifax’s website in May 2017 but their cybersecurity team could not identify it.
As these risks rise, financial firms and banks are becoming increasingly exposed to cyber attacks. Other companies relying primarily on cyber space are also equally exposed.
Notably, the energy sector is one of the favorite targets of cyber-terrorists nowadays as its digital footprints have expanded with the inclusion of smart grids and smart devices. This gives an opening for hackers to breach the network, with the possibility of shutting down the whole infrastructure that could lead to financial and economic chaos.
Traditional insurance is rapidly transforming to address evolving digital risks
Earlier, insurers would mostly cover data breaches that were simpler to cover. In the newer world of technology, the breaches have also started causing physical damage, accidents or even thefts. This has led to the advent of cyber insurance, which not only covers data breaches but also covers most business disruptions caused by cyber attacks.
To prepare for such risks, the insurance industry has been working on cyber security centered products. According to market estimates, this is a big opportunity that may reach US$ 14 billion by 2020, fueled by 28% estimated CAGR growth in the preceding five years.
Few players are leading the market through their offerings. According to CBROnline:
AIG, which leads with a 22% market share, provides loss prevention tools
Hiscox, the next leader, covers negligence by human
Marsh, the third leading insurer in cyber insurance, assesses risks using statistical tools and quantitative methods in the underwriting process
Others players offering cyber insurance include Chubb, Berkshire, XL group, CAN, Ironshore, Beazley and others
Key hurdles in cyber insurance proliferation lie within firms and client markets
The two key challenges before cyber insurers are related to (1) designing the product and (2) motivating companies to adopt cyber insurance products.
Challenges in product design: Insurers face hurdles in designing cyber insurance products as threats are evolving.
Challenges in product acceptance by market: Challenges for cyber insurance growth arise when potential clients show reluctance in adopting it. This is mainly due to the following:
Inability to understand the scale of risk for a particular business
Disjointed and inconsistent application process for the coverage
Fear of a dynamic change in the scope of coverage
Difficulties in making businesses understand their coverage need and policy structure
Capacity constraints in the market
Concerted efforts required to put cyber insurance on growth trajectory
Given the above challenges, the insurers and the insured could work together to strengthen the cyber risk mitigation mechanism by taking the following steps:
Collect historical data: As historical data of loss or written business is scarce, insurers should underwrite more and more businesses, which will enable them to acquire mass data.
Segmentation of coverage: Separating the lines of business and their respective coverages while developing a product could help both the insurer and the insured to assess risks adequately.
Mutually understand risk exposure: Reaching out to businesses that are not correctly aware about their risks, personally or via advertising/marketing, could open up great opportunities.
Straight forward reporting: Businesses could be more open in revealing their data to the insurer, working under a legal agreement (e.g., a non-disclosure agreement) that mitigates reputational risks.
To quote former US National Security Advisor Colin Powell: “There are no secrets to success. It is the result of preparation, hard work, and learning from failure”. The cyber insurance industry needs dig deep in historical data, understand the loopholes and be prepared for the unexpected to thrive in an evolving risk environment.
What's your view?
Thank you for sharing your Comments
About the Author
Aditya Singh works with the Consulting and Corporate business where he has been engaged in multiple projects related to equity research, sector specific analysis and stock reports. His expertise includes financial and business research along with secondary research.
Prior to Acuity Knowledge Partners, he has worked at a KPO, where his role included providing qualitative research to investment banking clients, analysis of fixed income securities, and other secondary research projects. Aditya holds a Bachelor in Computer Applications (BCA) and an MBA in Finance from University of Lucknow.
17-Aug-2018 08:27:58 am
Informative and good piece of work. Would like to see more articles from this author based on indian scenario.
Can the neobank model be value-accretive to bank....
Neobanks, a new generation of financial institutions that operate exclusively in the digit....Read More
Open architecture – tracking the biggest techn....
Despite all the talk of digitalisation, a number of capital markets firms are still workin....Read More
Asia – Set to become a big market contributing....
Asia is home to over half the world’s population, with some of the fastest-growing econo....Read More
Like the way we think?
Next time we post something new, we'll send it to your inbox