Demand for cyber insurance is booming following the increasing frequency and severity of attacks over the last couple of years. As with any risk management product, cyber insurance is an investment, but it makes sense on a number of levels:
- It can incentivize enterprises to build resilience against attacks and the resulting losses.
- Insurers can reward a strong cyber security posture through lower premium and self-insured retentions or broader coverage.
- It transfers residual risk from the balance sheet as part of a broader enterprise risk management strategy.
The following is a preview of blog posts that appeared recently on the Lockton Market Update. Each installment explores a different aspect of cyber insurance and why it makes sense for most organizations.
The Demand for Cyber Insurance has Skyrocketed. But Is It Worth the Investment?
In a relatively short space of time, the attitude of Chief Information Officers (CIOs) and Chief Information Security Officers (CISOs) toward cyber insurance has flipped 180 degrees. It used to be a major challenge for insurance brokers to engage IT department stakeholders who saw little value in insurance with the money better invested in mitigation tools. Many would agree that a red line was clearly crossed following the Target breach.
Cybersecurity professionals no longer view defense as a “prevention” exercise and have adapted their strategy to build “resilience” within the enterprise, thereby minimizing the financial impact. For industries that hold large volumes of payment card data and personally identifiable information, such as Retail, Healthcare and Financial, the demand for cyber insurance will only continue to grow.
To Legislate or Not to Legislate; That is the Question
A risk transfer strategy as part of an overall enterprise approach to cyber security has rapidly become indisputable. However, the insurance industry is beginning to understand that it has an important and wider role to play.
Sharing cyber security threat information between companies in the private sector – and with the government – is an important means of creating an early warning system against incoming attacks. Companies will also be able to learn about specific attack vectors, the vulnerabilities that they exploit and patch or prepare before it is too late.
Why the Cyber Insurance Market will be Sustainable in 2016 and Beyond
Quantifying cyber risk remains a major challenge to the industry but AM Best’s research estimated that the probable maximum loss from a single cyber related event was $31 billion, well in excess of $4.6 billion for a nuclear loss.
As such, demand for cyber insurance in the US is booming following the increasing frequency and severity of attacks over the last couple of years. Total premium spend today is estimated to be close to $3 billion and by 2020 could reach $7.5 billion according to PricewaterhouseCoopers. Though the outlook for the cyber insurance market is positive, the interconnectivity of the digital world means that the wider insurance industry must quickly begin to understand aggregation of risk.
Want to learn more?
These concepts, and others, are outlined in more detail in the “Investment in Cyber Insurance” chapter I authored in the new book, Navigating the Digital Age: The Definitive Cybersecurity Guide for Directors and Officers (published by Palo Alto Networks and the New York Stock Exchange).