Insurance markets are lagging behind. The best bet is to build proper defencesby Paul Wallace / August 29, 2019 / Leave a comment
For more than a decade the World Economic Forum at Davos in January has got the year off to a bracing start with its “Global Risks Report,” based on a survey of business leaders, top academics and other experts. In recent years cyber vulnerabilities have consistently ranked among the main worries. The 2019 survey showed data fraud or theft, and cyberattacks, as the two most likely risks other than environmental dangers.
Where there are risks, there are insurers. Providing cover against cyber breaches is the new fontier. Cyber insurance now commonly covers costs arising from business interruption as well as compensation for users whose data has been compromised. The global market will reach between $8bn and $9bn (of gross written premiums) in 2020—more than double its size in 2017—according to Munich Re, an insurance group.
The market is growing fast—but it is still diminutive given the potential risks. Cyber insurance is dwarfed, for example, by the insurance markets for motor vehicles, and fire and other property damage, worth $420bn and $250bn respectively in 2017 among the G7. As James Dalton at the Association of British Insurers pointed out in May, “the cyber protection gap remains vast,” since estimates of the total global cost of cybercrime range “from the hundreds of billions to the trillions of dollars.”
That gap arises because the standard insurance model, developed for risks that can be quantified and diversified across policyholders, is ill-suited for the cyber age. Potential losses from cybercrime are hard to gauge but can be massive, including harm to intangible assets such as a company’s reputation. Attacks may hurt more than one business, creating the danger of “accumulation risk” where losses pile up from a single incident affecting many policyholders. Cyber underwriters lack the wealth of historical data available for property insurance when pricing risks. Even if they did have more information, the rapidly changing forms of threat could soon render much of it redundant.
Despite these drawbacks, insurers are providing greater cover against losses, especially among larger firms. But in many respects they can help businesses more by getting them to manage cyber risks more effectively, and offering emergency help if attacks do occur. Cyber insurance can act as “a catalyst for good security practice”…