Cyber insurance market booms, but insurers struggle to define policies
Transferring risk in exchange of a premium makes commercial sense for businesses and organizations. In the cyber insurance market, several insurers provide value-added services such as access to a specialist lawyer, IT forensics experts and crisis management in the event of a data breach. This further makes cyber-insurance products more attractive, and also increases the value of the product to customers. Businesses are increasingly purchasing standalone cyber risk insurance policies to cover the specific cyber risks. Standalone cyber risk insurance policies fulfill the limitation of traditional policies by providing insurance cover for specific risks in a cyber environment. It includes the cost of security or data breach such as notification expenses, regulatory fines and penalties, investigation and restoration cost.
Within the cyber insurance market landscape, insurers are collaborating with cyber security experts to provide robust cyber risk management to the businesses and organizations. An ideal form of cyber risk management requires a balance between IT security measures and transfer of risk as an insurance solution for cyber risk. Insurers' core competency lies in pricing and underwriting risk, while cyber security experts specialize in using technology to deal with cyber vulnerabilities. The cyber insurance market has the ability to offer solutions that cover a broad range of cyber risks; however, there are certain caveats. Risks faced by the firms tend to be unique to the industry in which they operate, and this requires the policy to be accordingly customized. The degree of cyber exposure, the scale of the organization and the type of data collected are key determinants of cyber insurance policy terms and pricing.
According to this new research, cyber risk insurance market is experiencing rapid development, with the size of global gross written premiums growing from US$850 million in 2012 to an estimated US$2.5 billion in 2014. The cyber risk insurance market is gaining traction due to a growing number of cyber attacks and the increasing reliance of businesses upon technology for operational capabilities and storing data. However, insurance firms are responding slowly to this rising demand, and there is still number of imperfections in the market that is leading to a sub-optimal outcome. Total global losses from cyber crime stood at US$445 billion as of June 2014. With governments becoming increasingly involved in cyber threats, the prospect of compulsory cyber risk insurance could become a reality. It would have a transformative impact upon the market and could create a strong source of future revenues for non-life insurers.
The demand for cyber insurance in Europe is expected to grow substantially, once the new General Data Protection (GDPR) law is finalised by the end of 2015. It is expected to come into force by 2017 in all the EU member states, making data breach notification compulsory. This will likely give more power to the regulators, along with an increase in penalties - up to EUR1 million (US$1.3 million) or 2% of company's global annual turnover. The cyber insurance market in Europe is underpenetrated, with an estimated worth of US$150 million in gross written premiums in 2014. In comparison, the US is leading with approximately 90% of the global premiums in the cyber insurance market valued at US$2 billion in gross written premiums in 2014.