Insurers grow their cyber crime insurance sales, but assessing
and managing cyber risk poses challenges.
The cyber insurance market is booming due to rising
cyber-attacks, but insurance organizations will need to become much
more sophisticated in their approach to assessing and managing
cyber risk if they hope to turn cyber policies into a strong and
sustainable line of business.
A growth market emerges
Encompassing a broad range of cyber insurance products designed
to cover operational risks affecting confidentiality, availability
or integrity of information and technology assets, cyber insurance
is among the fastest-growing niches in the industry. While its
growth is led predominantly by financial institutions seeking to
perform cyber risk management and better transfer their cyber risk,
demand is also being driven by regulatory pressures and
notification legislation that will require all firms to notify
individuals if their personal data is breached. Companies are
increasingly seeking cyber breach insurance products that cover the
management and costs of notification processes.
The cyber insurance market also seems ripe for continued organic
growth. As organizations become more reliant on data, and more of
their business is conducted over digital channels, they will place
increasing value on protecting that data and those channels from
cyber-attacks. In turn, they will seek ever-higher levels of
coverage from their insurers to cover greater risks. Demand for
cyber-crime insurance is also being driven by a number of very high
profile and costly breaches over the past few years, often leading
to consumer litigation.
Cyber insurance growing pains
The challenge for any fast-growing and emerging market segment
is that it often takes some time to fully understand the unique
risks and challenges that they are taking on. In part, this is
because the threat risk is continuously changing, as cyber
criminals' vast toolkit evolves rapidly. Also, some insurers
may struggle with how to value and compensate data breaches that
cause reputational and brand damage.
The underlying problem is that few insurance organizations have
a clear understanding of what 'good' cyber security looks
like for their customers. They are therefore unable to assess
whether their customers are taking the right precautions to
properly manage their risk. Since some cyber insurance products can
be purchased today without the need for even a high-level risk
assessment, clearly the insurance industry will need to drive
towards standards if they hope to remove the moral hazard concerns
inherent in this market.
Seizing the competitive advantage
If the cyber insurance market is to properly mature and
effectively transfer risk, insurers (and any eventual re-insurers)
will need to become much more sophisticated in their approach to
assessing and managing cyber risk. Those that hope to achieve
first-mover advantage will want to focus on three, somewhat
To properly quantify the risks they are underwriting, insurers
will need to improve their ability to conduct appropriate security
assessments on customers to better understand and monitor the
protections in place and the likelihood of a claim.
Insurers will need to become much better and faster at managing
and analyzing their data to inform their pricing and risk models.
For example, by overlaying claims information to quantify the value
of each security method.
Insurers should distinguish themselves with product innovation,
including new, relevant policy features as well as a broader scope
of services to support their cyber insurance customers, from risk
assessment, forensic investigation and breach investigation
services to their customers.
The bottom line is that insurers will need to think more broadly
about how they develop and structure their products if they want to
succeed in the evolving cyber insurance market.
Questions to think about:
Has your firm examined the market potential of offering cyber
insurance or other technology risk products?
What steps are you taking to understand clients' evolving
cyber risk management needs to drive product innovation?
How sophisticated is your ability to perform client cyber risk
assessments and monitor cyber threats?
What in-house capabilities or third-party expertise do you
require to keep up with the ever-changing cyber risk
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
In this publication, we address how Dubai is leading the way in the application of technology to its healthcare insurance system and how the health insurance law is developing around these initiatives.
On 17 April, the National Treasury and the Financial Services Board ("FSB") published for comment the draft Insurance Laws Bill, 2015 ("the Bill").
Some comments from our readers… “The articles are extremely timely and highly applicable” “I often find critical information not available elsewhere” “As in-house counsel, Mondaq’s service is of great value”
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).