Rapidly advancing technologies make cyber risks complex and difficult to insure against.
To complicate matters further, recent attacks show that the costs of a breach can escalate well beyond managing the fallout of lost or corrupted data. Firms need to factor in the potential damage to their reputation, physical and intellectual property, as well as disruption to business operations.
Unfortunately, many businesses aren’t doing enough to manage cyber risks, according to Swiss Re's latest sigma report “Cyber: getting to grips with a complex risk.” A dedicated cyber insurance market is developing rapidly, but so far the scope of cover is modest relative to potential exposure.
Managing a complex risk
Dedicated cyber insurance typically provides core protection against data and network security breaches and associated losses, with capacity limits in the market today ranging from around $5 million to $100 million. However, some significant cyber-related risks remain largely uninsured and the scale of existing cover is modest relative to companies' overall potential exposures. Many firms are looking to transfer cyber risks to third parties better-placed to absorb them.
Insurers and risk analytics vendors are also experimenting with different approaches to cyber risk modelling, including deterministic scenario analyses and probabilistic models, in an attempt to estimate the potential losses of cyber events.
Product and process innovation
In the meantime, product and process innovation in insurance and other risk transfer mechanisms will play an important role in upgrading cyber risk management capabilities. A crucial factor influencing the pace of innovation will be the capture and analysis of relevant data and threat intelligence needed to underwrite cyber risks accurately.
Not all businesses are doing enough to manage their cyber risks. How can insurers help?
For their part, insurers are looking to develop less complex and more flexible insurance products. These include covers that can be tailored to small and medium-sized businesses, which have been underserved by insurance and are often less well placed to cope with cyber risks than larger firms. Additionally, some reinsurers are seeking partnerships with cyber security firms and data analytics vendors to fill knowledge gaps and scale up or provide additional services to their clients.
Learn more about the complexities of cyber risk in the infographics below, and check out the full report from Swiss Re.
Click images for full resolution.