Cyber attacks are on the rise. Hackers are increasingly looking to take advantage of security vulnerabilities to steal valuable customer data, including financial details and sensitive personal information. For corporations, the impact of these attacks goes far beyond data loss. From significant public relations fallout and loss of customer trust to stiff regulator penalties, a single successful cyber attack can paralyze a corporation's operations, and damage their reputation and profitability for years to come.
Yet, despite very real risks of cyber attacks, many corporations struggle to know how to respond appropriately. In KPMG's 2018 Global CEO Outlook, many CEOs believe a cyber attack on their business is inevitable, with 68% of US-based CEOs saying it's just a matter of time. However, only 51% of CEOs worldwide believe they are well prepared for a cyber attack.
Today, businesses of all sizes struggle to identify, assess vulnerability for, and respond to the explosion of digital threats and targeted cyber attacks. This is a significant gap — and one that insurers can help corporations bridge.
The cyber insurance market is a small but growing part of the insurance sector that helps corporations protect against digital threats. Allianz estimates that cyber insurance currently represents about US$2 billion in premiums worldwide, with the US market accounting for approximately 90% of that total. However, as the incidence rate of cyber attacks continue to climb — and corporations are increasingly in the news for losing their customers' data, effective cyber coverage becomes an increasing corporate priority. Cyber insurance premiums globally are expected to reach US$20 billion by 2025 (A Guide to Cyber Risk, Alianz).
This growing need, market, and corresponding awareness of risk creates a significant opportunity for insurers willing to move now to capture market share and build customer trust.
Despite the scale of the opportunity, providing cyber insurance is not without its complications.
While most insurance products are based on decades of actuarially sound, aggregated, and shared data, cyber insurance is more risky. Not only is this type of insurance far newer, but the information surrounding associated risks and vulnerabilities is also more fragmented. One way that insurers can better understand and price for cyber risks is through the GDPR regime, which compels certain firms to make mandatory declarations of data. However, the extent to which insurance companies will obtain access to this disclosed GDPR data, both now and in the future, is not currently clear.
Assessing the risk of and coverage against digital threats is also difficult, with many insurers challenged by the complexities of pricing cyber insurance products. There is also uncertainty in the market as to whether businesses have coverage against cyber attacks as part of current policies, and if so the degree of coverage provided.
Another factor to consider is that, as businesses in possession of significant volumes of highly sensitive customer data, insurance companies are themselves prime targets for cyber attacks. As insurers transform legacy systems and manual processes to become more reliant on new technologies and platforms, the corresponding risk of attack and need for cyber security grows. This means that cyber security must become a priority for all insurers, regardless of the client base served or type of coverage provided.
For insurers looking to increase awareness and uptake for this burgeoning form of insurance, consider the following four steps:
Cyber insurance is a rapidly growing segment of the broader insurance market. Insurers that take key steps now can quickly find themselves at the forefront of this new and increasingly necessary market.