Cyber Insurance: Trends and Path Forward

Published on August 16, 2018 by Aditya Singh

Insurance is essentially the mitigation of risk. In the evolving business world, as digitization makes its way up it is changing the nature of risk. In the virtual, digital and cyber space, risk has transformed so much that it has become hard and expensive to evaluate. Evidently, modern day businesses face risks that are beyond the scope of the traditional insurance cover. This was apparent in few recent incidents:

• Uber Technologies Inc. apparently paid $100,000 to a man from Florida to hide a data breach by the man that exposed 57 million users, including 600,000 drivers, in October 2016. Uber gave this money to the hacker under a reward program for security research aspirants who find loopholes in the company’s software.

• Equifax, a consumer credit reporting firm in the US, faced personal data breach by hackers that was claimed to be the third major cyber attack since 2015. Hackers gained access to Equifax’s website in May 2017 but their cybersecurity team could not identify it.

As these risks rise, financial firms and banks are becoming increasingly exposed to cyber attacks. Other companies relying primarily on cyber space are also equally exposed.

Notably, the energy sector is one of the favorite targets of cyber-terrorists nowadays as its digital footprints have expanded with the inclusion of smart grids and smart devices. This gives an opening for hackers to breach the network, with the possibility of shutting down the whole infrastructure that could lead to financial and economic chaos.

Traditional insurance is rapidly transforming to address evolving digital risks

Earlier, insurers would mostly cover data breaches that were simpler to cover. In the newer world of technology, the breaches have also started causing physical damage, accidents or even thefts. This has led to the advent of cyber insurance, which not only covers data breaches but also covers most business disruptions caused by cyber attacks.

To prepare for such risks, the insurance industry has been working on cyber security centered products. According to market estimates, this is a big opportunity that may reach US$ 14 billion by 2020, fueled by 28% estimated CAGR growth in the preceding five years.

Few players are leading the market through their offerings. According to CBROnline:

• AIG, which leads with a 22% market share, provides loss prevention tools

• Hiscox, the next leader, covers negligence by human

• Marsh, the third leading insurer in cyber insurance, assesses risks using statistical tools and quantitative methods in the underwriting process

• Others players offering cyber insurance include Chubb, Berkshire, XL group, CAN, Ironshore, Beazley and others

Key hurdles in cyber insurance proliferation lie within firms and client markets

The two key challenges before cyber insurers are related to (1) designing the product and (2) motivating companies to adopt cyber insurance products.

Challenges in product design: Insurers face hurdles in designing cyber insurance products as threats are evolving.

Challenges in product acceptance by market: Challenges for cyber insurance growth arise when potential clients show reluctance in adopting it. This is mainly due to the following:

• Inability to understand the scale of risk for a particular business

• Disjointed and inconsistent application process for the coverage

• Fear of a dynamic change in the scope of coverage

• Difficulties in making businesses understand their coverage need and policy structure

• Capacity constraints in the market

Concerted efforts required to put cyber insurance on growth trajectory

Given the above challenges, the insurers and the insured could work together to strengthen the cyber risk mitigation mechanism by taking the following steps:

• Collect historical data: As historical data of loss or written business is scarce, insurers should underwrite more and more businesses, which will enable them to acquire mass data.

• Segmentation of coverage: Separating the lines of business and their respective coverages while developing a product could help both the insurer and the insured to assess risks adequately.

• Mutually understand risk exposure: Reaching out to businesses that are not correctly aware about their risks, personally or via advertising/marketing, could open up great opportunities.

• Straight forward reporting: Businesses could be more open in revealing their data to the insurer, working under a legal agreement (e.g., a non-disclosure agreement) that mitigates reputational risks.

To quote former US National Security Advisor Colin Powell: “There are no secrets to success. It is the result of preparation, hard work, and learning from failure”. The cyber insurance industry needs dig deep in historical data, understand the loopholes and be prepared for the unexpected to thrive in an evolving risk environment.

Sources:

https://www.zdnet.com/article/uber-paid-20-year-old-man-to-hide-data-breach-destroy-information/

https://www.ft.com/content/c70d723a-941f-11e7-a9e6-11d2f0ebb7f0

https://cybersecurityventures.com/cyberinsurance-report-2017/

https://www2.deloitte.com/content/dam/insights/us/articles/3446_Cyber-insurance/figures/3446-Figure2.png

http://www.advisenltd.com/wp-content/uploads/2015/10/cyber-liability-insurance-market-trends-survey-2015-10-16.pdf

---

---