Cyber, innovation and society
Cyber risk presents an important test case as to the adaptive capability of the insurance industry. The threats that businesses face are changing, and it is vital that risk management is able to shift to meet these threats. The contribution of the insurance industry is absolutely central to this.
Joe Ahern, senior policy adviser on cyber insurance at the Association of British Insurers (ABI), explores.
At the beginning of 2019, the picture is a positive one. A thriving and dynamic cyber insurance market serves the global business community well, providing broader, more relevant coverage to a greater number of firms. It is worth analysing a few current trends and where they might suggest the market is heading.
Due to difficulties in categorising what we in fact mean by “cyber” insurance, it is difficult to arrive at any common understanding as to the true size of the market. For example, should it include coverages on commercial property policies for cyber business interruption, or coverages on cyber policies for losses normally covered on other product lines, such as social engineering fraud?
A growing market?
Nevertheless, looking at year-on-year comparisons of collections using the same measures, it seems fair to assert that the market is experiencing healthy growth. For example, Aon found that there was a 37% increase in US cyber premium between 2016 and 2017, demonstrating the even in the most developed market growth remains significant. Forecasts tend to paint an optimistic picture too, with Munich Re suggesting that a $4 billion global market in 2017 will become a $7-8 billion market in 2020.
Furthermore, typical cyber policy coverage has broadened significantly beyond the breach response focused policy that emerged in the mid-2000s. Surveys carried out by the PRA, as well as by EIOPA, the European regulator, will tell you that it is now not only commonplace for policies to cover business interruption – but also contingent business interruption for certain losses incurred as a result of cyber-attacks in the IT supply chain. Research by PCS found that policy limits are currently five times larger than those of just four or five years ago. This means businesses have the opportunity to cover much more of their exposure to cyber losses.
Crucially, insurers increasingly focus their offerings on the services provided as part of cyber insurance which help to reduce the frequency and severity of cyber breaches. Insurance is traditionally seen as simply a risk transfer mechanism. However, it is often in the advice and technical support that insurers can provide where much of the value of cyber insurance lies. This is particularly true for smaller, less sophisticated clients such as SMEs. Given that these customers are a major growth area, pursuing this line of thinking even further is something that innovators – whether incumbents or start-ups – will no doubt continue to explore in 2019.
All of this is good news for insurers – as well as for the global economy more broadly – but the cyber protection gap remains vast. Estimates of the total global cost of cyber-crime range from the hundreds of billions to the trillions of dollars. Insured losses on both real-life scenarios such as the Equifax and Merck cyber-attacks, and on modelled scenarios such as those in AIR’s “Cloud Down” report, significantly undershoot the total economic losses. As a result, the growth potential for the market is still great. A focus on innovation will be crucial if the insurance industry is to rise to the challenge of protecting society from its exponentially growing cyber risk.