
Despite frequency and awareness, cyber insurance market lags

Opinion

The reasons behind the struggling cyberinsurance market are myriad and traceable to obstacles facing both insurers and consumers. (Photo: Shutterstock)

Cyber crimes have been dominating our politics, our finances and our national security.

Not a day goes by without news of another cyber attack, hacking scheme or massive data breach. They range in scale from simple identity theft of credit card numbers or online passwords to the recent WannaCry attack by North Korean hackers that disrupted computer systems in English hospitals, Chinese universities and German railways.

According to the Identity Theft Resource Center, U.S. companies and government agencies suffered a record 1,093 data breaches last year, a 40% increase from 2015.

The CEO of IBM Corp. has ominously identified cyber crime as "the greatest threat to every profession, every industry, every company in the world," while the CEO of Lloyd's estimated that cyber attacks cost businesses as much as $400 billion per year. Meanwhile, the new enforcement directors at the U.S. Securities and Exchange Commission recently warned that hacking crimes are the great threats to our financial markets. Even President Donald Trump has acknowledged cyber theft as "the fastest growing crime in the United States."

Obstacles facing insurers & consumers


How can companies and consumers protect themselves and manage this increasing threat? Insurance has traditionally been a principal tool for mitigating risk. Yet, while worldwide spending on cyber security products rose to a record $73.7 billion in 2016, only 29% of U.S. businesses have purchased cyber insurance.

Moreover, cyber insurance accounted for only a small fraction, between $1.5 billion and $3 billion, of the $505.8 billion generated in premiums by U.S. insurers. The reasons behind the struggling cyber insurance market are myriad and traceable to obstacles facing both insurers and consumers. A recent report by the Deloitte Center for Financial Services attempted to identify the barriers affecting growth in this promising line of insurance.

From the insurers' standpoint, the lack of historical data on cyber losses significantly inhibits their ability to build predictive models and properly assess cyber risk. Simply put, cyber insurance has not been sold for long enough to develop suitable market trends.

Vast majority of cyber crimes go unreported


The U.S. government does not maintain a centralized database cataloging cyber attacks. Moreover, because of the sensitive nature of cyber crimes, the vast majority go unreported. With insufficient data, insurers are loath to offer comprehensive coverage.

In addition, cyber attacks continue to evolve in scope and sophistication. Like terrorism, cyber attacks can occur at any time, any place, and to anyone. With an unpredictable and changing underlying exposure, insurers cannot anticipate and mitigate these cyber risks.

Because of these obstacles confronting insurers, consumers face an uneven and expensive market for cyber insurance products. Insurers offer a patchwork of various coverages, often with minimal limits and nonstandardized language. Moreover, many companies erroneously assume that their general or professional liability policies cover cyber risks. Errors and omissions policies, however, typically do not cover cyber thefts and hacking schemes that trick employees into issuing payments or divulging confidential and proprietary information.


While commercial crime policies may cover the theft itself, they do not account for other cyber-related expenses like forensics, credit monitoring, crisis management, and reputational risks. Yet, standalone cyber policies lack standardized language within the industry. Differing terminology from insurer to insurer inhibits a buyer's ability to compare coverage and pricing. This also affects claims management and coverage disputes, as courts have not been able to interpret and enforce uniform cyber insurance provisions to provide clarity to both insurers and insureds.

Steps to wide-ranging coverage


Despite these hurdles to a thriving cyber insurance market, Deloitte offered several concrete steps to facilitate access to wide-ranging coverage that is both simple and affordable. As frequent targets of hackers, insurers can draw on their own cybersecurity experiences to develop more accurate predictive models.

Following the lead of U.S. intelligence agencies, insurers could also partner with IT professionals and former hackers in order to understand the scope and nature of cyber losses. Alternatively, insurers could issue more specialized cyber products tailored to specific types of exposure such as data breaches or specific areas of technology in order to better assess their risks on a smaller, more manageable scale. Furthermore, insurers could provide all-inclusive cyber risk management services and post-loss recovery support with their insurance products. This will benefit consumers and businesses by helping prevent cyber incidents from occurring and ultimately lowering premiums, while also decreasing loss frequency for insurers and bolstering account retention.

In the next decade, the proliferation of driverless cars and ride-sharing will likely hurt the insurance industry's most profitable line of business, auto coverage. Moreover, automation and the changing nature of the nation's labor force will inevitably affect another large line, workers' compensation. Accordingly, cyber insurance is one of the few promising areas for long-term growth.

With an ever-increasing spotlight on cyber crimes and hacking, consumer interest in insurance products to protect against those risks will only intensify. If the insurance industry does not become a more reliable provider of comprehensive and affordable cyber coverage, insurers will be left behind as businesses seek alternative methods of managing risk.


Michael D. Ford is a litigation attorney in the Miami office of Hinshaw & Culbertson. He represents insurers nationally and focuses on resolving and litigating complex coverage disputes and bad faith matters. Contact him at mford@hinshawlaw.com. Opinions expressed are the author's own.

Originally published on Daily Business Review. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.
