About 61% of business leaders across all industries see cyber attacks as a threat to the growth of their business, and 2014 saw an average of 100,000. As a result, the global cyber insurance market could grow to $5bn in annual premiums by 2018 and at least $7.5bn by the end of the decade, according to “Insurance 2020 & beyond: Reaping the dividends of cyber resilience.
As Boards become increasingly focused on the need for safeguards against the most damaging cyber attacks, insurers will find their clients questioning how much real value is offered in their current policies.
If insurers continue to simply rely on tight blanket policy restrictions and conservative pricing strategies to cushion the uncertainty, they are at serious risk of missing this rare market opportunity to secure high margins in a soft market. If the industry takes too long to innovate, there is a real risk that a disruptor will move in and corner the market with aggressive pricing and more favorable terms.
The report by PwC advices insurers to capitalize on the cyber risk opportunity whilst managing the exposures by;
- Maintaining their own cyber risk management credibility through effective in-house safeguards against cyber attacks
- Identifying concentrations of exposure and systemic risks in an increasingly inter-connected economy
- Evaluating Probable Maximum Losses and extreme events/scenarios, and monitoring and modifying these regularly as new types of attack arise
- Assessing and monitoring trends in frequencies and severities of attritional and large losses, and in the types of attack being perpetrated
- Partnering with technology companies and intelligence agencies to develop a holistic and effective risk evaluation, screening and pricing process
- Data sharing between insurance companies to secure greater pricing accuracy
Finding a risk facilitator (possibly the broker) to bring all parties (corporations, insurers, reinsurers, policymakers) together to coordinate risk management solutions, including global standards set for cyber insurance.
- Making coverage conditional on a full and frequent assessment of policyholder vulnerabilities and agreement to follow agreed prevention and detection steps. This could include exercises that mimic attacks to highlight weaknesses and plan for responses
- Replacing annual renewals with real time analysis and rolling policy updates
“Insurers also need to continue to invest appropriately in their own cyber security – a business which can’t protect itself can’t expect policyholders to trust them to protect and advise them. Given the huge volume of medical, financial and other sensitive information they hold, it is critical that insurers have closely monitored, highly effective cyber security frameworks in place. Sustaining credibility in the cyber risk market is crucial when looking to become a leader in this fast growing market. If this trust is compromised, and with innovative competitors knocking on the door, it would be extremely difficult to restore brand reputation.” said Paul Delbridge, insurance partner at PwC