An Insurable Threat?
CONSIDERING THE RECENT CYBER INCIDENTS WORLDWIDE, OVER HALF OF INSURERS, REINSURERS AND RISK MANAGERS IN ASIA ARE NOW MORE INCLINED TO PURCHASE CYBER INSURANCE COVERAGE FOR THEIR COMPANIES IN THE COMING YEAR.
Almost 30 percent of them believe that the market for cyber coverage will surge by 50 percent in the coming three years. Another 32 percent believe in an increase of more than 20 percent in the same period.
At the same time, less than 10 percent believe they have a sufficient product range in place, while 83 percent acknowledge that they’re still developing new solutions and products and/or haven’t launched any.*
The market is there and recent events like hacker attacks on Apple or Sony show that even IT infrastructure that is considered highly secure is not safe from attack. Closer to home, Malaysia Airlines’ homepage was attacked by hackers claiming to be from the ‘Lizard Squad’ group early this year. It is therefore particularly important for operators to be able to limit potential risks. Alongside effective soft- and hardware security, this is achieved by means of appropriate insurance coverage. Estimated growth in primary cyber insurance markets till 2020 is expected to reach US$3 billion (from US$0.3 – 0.5 billion in 2015) with a 70/30 split between markets in Europe
and Asia. Munich Re sees exponential growth of the cyber insurance market in the region. While the potential is there, the cyber insurance market is a major challenge for the industry.
OPTIMUM COMBINATION OF IT SECURITY AND INSURANCE COVER NEEDED
The triumphant advance of digital communication technology seems to be a key driver of many sudden and unexpected cyber threats. And the development of new technologies like driverless cars creates constantly new risks and changes to our daily life. To master these risks, it takes the capacity to quickly identify changes in risk and demand, and to develop new products or enhance existing ones. If insurers do not keep up with the pace of technology, they will not be able to adapt their products. This calls for better risk management and correspondingly coordinated insurance cover. The management must be extensively prepared for such attacks in order to avert damage to the company – and to protect itself. Preventative IT security is essential when it comes to protecting a company’s systems against hackers. But even companies who have extensively upgraded their security systems must remain alert to the possibility of a successful attack, as total security can never be achieved, not even with the best technical precautions. Companies’ core risks change as communication channels become more numerous, enabling both news and rumours to snowball at ever greater speeds. Focuses and loss potentials shift, and risk managers must ensure that covers are adjusted accordingly. Where hacking is concerned, this means that the cover of both the cyber risks and the reputational risks must be carefully considered. Instead of incorporating these risks into regular property and liability policies, they could be covered through individual policies tailored to each company’s specific situation.
For now, we see four main areas of Cyber insurance: At Munich Re, we support our clients to find solutions for data risks for private persons and households, be it identity theft, online shopping, streaming, loss of credit card data, negligent violation of copyrights and much more. Data breach insurance for commercial business Our reinsurance focus is to offer our clients a holistic underwriting approach, covering risk assessment, pricing, claims and accumulation management for the individual commercial business coverages and portfolios. Data breach insurance for industrial business This is currently Munich Re’s core business when it comes to Cyber solutions. Part of it are standard and special covers such as cyber extortion, media liability and reputational risk cover. Insurance of critical infrastructure Following recent social and political developments, this will gain importance. Critical infrastructures are the most protected and therefore most attractive hacker targets motivated by either economic or political reasons.