Cyber risk insurance: forecast for the next 5 years
More and more organizations in the world tend to insure cyber risks rather than pray for good luck. In Ukraine, this service is not popular yet unlike other European countries.
Generally speaking, cyber risk insurance is not so different from car insurance: if you damage your car you are dealing with a property damage claim and this insurance claim is handled. However, after making a claim you cannot relax and forget about cybersecurity. As soon as you are granted a certain insurance rate and guarantees by the insurer, you must comply with the declared cybersecurity level and improve it on a regular basis. Just assume that you got insured and you got hacked. If the investigation shows that the incident happened due to the lack of awareness or negligence regarding cybersecurity, payments may be reduced or even frozen. There is no magic bullet, but cyber risk insurance and the right approach will protect you from financial losses.
Thanks to the dramatic digitalization of business, employees transferring to remote work, and the adoption of new technologies, the importance of cyber risk insurance has increased significantly. How is this market changing and what is in stock for us in the next 5 years?
The cyber risk insurance market is going to grow up. According to Standard & Poor’s Corp. Cyber insurance premiums, which now total about $5 billion annually, will increase 20% to 30% per year on average in the near future. The adoption of new technologies by organizations, like IoT leads to increasing connectivity and exposure to cyber risks. As attack surfaces evolve, attackers’ financial incentives grow. Additionally, increasing media coverage on businesses being attacked contributes to businesses seeking to hedge cyber risk with insurance.
Maturity = toughness
As cyber insurance is getting more mature, the regulations for insurance and cyber risk management will be enforced. Regulatory bodies will begin to introduce a higher standard of data collection and require regular reporting about cyber risk exposure. It is possible that cyber insurance will become one of the mandatory requirements for certain businesses, particularly those of financial sector and healthcare.
Due to the emerging market, cyber insurance policies vary significantly in terms of limits, features, terms, and conditions. This causes certain difficulties for policyholders who may not understand which policy is most suitable.
Within the next 5 years, the terms will be revised, ambiguity will be eliminated and common wording will be set. Alternative wording will be provided on demand for more sophisticated buyers.
Adaptive cyber policy
The companies’ behavior may impact the revision of cyber insurance terms. Soon the industry will better understand cyber threats and approach customers considering their level of cybersecurity awareness. For example, a reward for taking correct measures during cyber incidents or provide additional services for more effective security management.
System cyber risk is a big problem for insurance and reinsurance companies. Parametric products providing protection against cyber risks are not accurate yet, so alternatives may appear in the near future. This will drive the further growth of the right products to fill market gaps and the additional required capacity.
Engaging cyber experts
Presumably, the cyber insurance industry will split into two camps. Some organizations will use traditional insurance models, others will engage cyber experts. Even with the development of more advanced cyber risk modeling capabilities, insurers will invest in hiring cyber experts as part of their core risk management team so they can better understand their cyber risk exposure and utilize third-party cyber models.
With the ever-growing number of cyber threats, cyber insurance will become an integral part of doing business in the near future. But you should not consider the issue of cyber risk insurance to be handled by your underwriter. This is a complicated project which needs to be considered by the company’s management. In most cases, the involvement of external experts is needed in order to provide a detailed assessment and prepare for everything, whether the insurance policy is useful or not.