Share with your friends

Preparing to seize the cyber insurance opportunity

Seizing the cyber insurance opportunity

As companies face rising cyber security risks in the digital economy, insurers can position themselves for growth in the cyber insurance market.


Also on

Lock on keyboard

Businesses of all sizes are struggling to identify, assess and respond to an explosion of digital threats and targeted cyber attacks that could paralyse their operations.

Cyber crime is high on the agenda of business executives, according to KPMG’s 2017 Global CEO Outlook, and we see strong signals that many CEOs are moving beyond a generic view of cyber risk to develop risk, resilience and mitigation plans in the parts of their business that could be most seriously affected. Cyber insurance is an important way for CEOs to protect their organisations.

Closing the gaps in cyber insurance

Unfortunately, as cyber risks and attacks proliferate, many organisations and their insurers are discovering alarming gaps in the coverage provided by traditional insurance policies. Cyber insurance has traditionally focused primarily on digital assets such as customer data. Now, the global industry is starting to expand into adjacent insurance lines across both the intangible and tangible asset space.

As the scope, frequency and impact of cyber-related incidents soars, huge new opportunities exist for insurers positioning themselves for growth in the cyber-insurance market. For those that get it right, the rewards will be significant in a market that is predicted to be worth more than US$10 billion in global premiums by 2020.

The immediate challenges for insurers include the need to enhance their cyber capabilities, unravel the complexity of modeling and pricing, and redefine their organisational structures. Forward-looking insurers are evolving their focus from property and assets coverage to providing a full spectrum of services across these three key categories:

  1. Understanding risk – Insurance providers are working with technology companies to leverage their deep know-how in customer use cases and software and hardware vulnerabilities.
  2. Preventing risk – While businesses remain slow to implement preventive measures due to low awareness and recognition of the value of such services, incentives could drive up implementation and a move toward preventative services is likely to lead to a decrease in overall premiums and claims.
  3. Responding to cyber incidents – Insurance players have already established partnerships to provide a variety of cyber incident response services. While customer take-up rates have been relatively low, the industry may see expansion in this area as customer awareness of the added value gradually grows.

The four waves of cyber insurance development

As insurers seek to expand coverage and introduce innovative solutions, industry experts anticipate that the development of cyber insurance is about to undergo several critical ‘waves.’ From an initial focus on digital assets, the sector is expected to expand to encompass a range of new products covering other asset classes, as well as addressing non-cyber perils in traditional insurance.

Wave 1: Strengthening core digital asset propositions with crisis management
Cyber propositions that focus on losses related to digital assets – like data breach, cyber crimes and data loss –- are likely to remain the core of any proposition set. But players may face growing pressure to develop integrated crisis management solutions that improve customer experience, drive top-line growth, generate market intelligence to model risk more effectively, and enhance underwriting capability.

Wave 2: Enhancing risk-modeling to expand coverage to assets with cyber triggers
As risk-modeling capabilities evolve, insurers could expand their offerings into other cyber areas. In the short term, cyber insurance will diversify into business interruption and network and service liability. In the medium-to longer-term, insurers can start addressing losses to other intangible assets arising from issues like reputational harm.

Wave 3: Insuring the ‘uninsurable’
As the traditional cyber insurance market becomes more saturated, insurers need to push the boundaries of risk modeling and develop new products serving untapped areas such as intellectual property (IP) theft insurance.

Wave 4: Transitioning from cyber to intangible asset insurance on non-cyber perils
Some market participants see a natural future evolution of cyber insurance could to include damage to intangible assets with non-cyber perils, such as reputational harm due to product recall, which is rarely covered by traditional insurance.

The insurance industry is at the threshold of a major shift that poses real challenges but the payoff promises to be significant for insurers willing to rethink strategies and offerings for the digital age.

Connect with us


Want to do business with KPMG?


loading image Request for proposal