Companies' reliance on cloud-based data is at an all time high and is only likely to increase as software and hardware tools become more accessible, affordable, and sophisticated. While the benefits to this method of storing and accessing data are obvious, notably lower costs and increased accessibility, it comes with its own set of heightened risks.
This increased reliance leaves many companies, including insurers, extremely vulnerable to cyber attacks. As the technologies that companies use to store their data become more advanced, so do the skills and techniques of hackers looking to steal, manipulate, or hold data for ransom. Executives are now constantly on the alert for weaknesses in cyber security or the threat of an attack, despite the fact that it’s near impossible to prepare for or anticipate them.
Data breaches in the past few years, like Facebook or Capital One, left millions of customers’ sensitive information vulnerable or outright exposed. For the insurance industry, the increased frequency of data breaches is particularly concerning given how much sensitive information the average insurance company holds. However, it also falls on the insurance industry to help insure companies against these attacks. How is the insurance industry responding to these threats and how has cyber insurance evolved to help other industries better protect themselves?
Insurance industry is still working out how to insure against cyber attacks
The idea of cyber insurance is not necessarily a new one, but it’s never been as significant as it is today. There’s also never been more at stake, as more customers hand over the rights to everything from their personal banking information to the monitoring of their daily conversations in their own homes.
So far, the insurance industry has fumbled a bit as to how to insure against cyber attacks. It’s a complicated issue due to the nature of the beast. There’s an endless amount of data that could be attacked or held for ransom at every single company that uses cloud storage - and just as many ways to attack it. As stated before, it’s also absolutely impossible to predict when, where, and how certain data might be attacked.
If all that wasn’t complicated enough, there are reports of companies and governments with cyber insurance having their data hacked and held for ransom because hackers are aware of an insurance policy in place.
Businesses are underinsured and unclear on what their policies cover
While securing cyber insurance in the event of a data breach might seem pretty intuitive, PWC estimates that only 30 percent of businesses have a cyber-risk or cyber liability insurance policy in place. Of the ones that have a plan in place, there’s some degree of a lack of understanding as to what those policies cover.
FM Global surveyed 105 CFOs at enterprise-scale companies with annual revenue of at least $1 billion and found that 71 percent felt they were adequately covered in the event of a cybersecurity incident. If they were covered, 45 percent expected their cyber insurance provider to cover most of their losses in the result of a breach, and 26 percent expected the provider to cover their losses in full.
However, as noted in CPO Magazine, many of these policies don’t cover certain costs commonly associated with a cyber breach, including loss of revenue, regulatory compliance costs, drops in share price and market share, damage to the company brand, and more. Part of this falls on businesses to fully understand what is and isn’t covered in their policies. It also falls on insurers to have a better understanding of how to insure against cyber threats and assess cyber risk.
How is the insurance industry responding?
Cyber security poses an enormous risk to many companies, especially those relying on cloud storage to hold their sensitive data and information. That the insurance industry must respond to that need by providing coverage for companies in the event of a breach is a given, but assessing cyber risk is far more complicated than many companies might think.
A report from AM Best states that direct premiums written for both standalone and packaged cyber policies reached $2 billion in 2018, which is double the numbers from 2015. There’s no question this number will continue to grow and that policies will continue to get more sophisticated as this specific area of the industry matures.
While it’s a relatively small area of the market right now, there’s also a growing number of insurtechs that are entering the space as well, like OZON, which recently partnered with Swiss Re Corporate Solutions to help expand its cyber offerings. It’s a safe bet to assume we’ll see more of these insurtechs, and corresponding partnerships, spring up in the years to come as the industry becomes more adept at assessing cyber risk and insuring against data breaches.
If you have a topic you'd like us to cover, or you'd like to become a contributor, we'd love to hear from you! Please email our editorial team with an overview.