More organizations than ever, especially small and medium-size ones, will seek to account for the fast-rising risk of suffering a cyber attack in 2017 by buying a cyber liability policy.
The general state of security of U.S. business networks remains anemic when compared to the vast and growing capabilities of hackers with m salicious intent. Companies are beginning to realize the value of offsetting this risk to an insurance carrier—and insurance companies and underwriters recognize a golden goose when they see one.
The fledgling cyber insurance market topped $3 billion in 2015, and ABI estimates the global cyber insurance market is swelling at a clip that will top $10 billion by 2020.
ThirdCertainty sat down with Tim Francis, cyber insurance enterprise lead at Travelers Bond & Financial Products, and Graeme Newman, chief innovation officer at CFC Underwriting. Here’s their forecast. (CyberScout sponsors ThirdCertainty. This text has been edited for clarity and length.)
Q: Could you frame the emerging cyber insurance market for us?
Newman: The cyber insurance market has been around for 15 or 16 years now, which in insurance terms, is a short period of time, but it’s growing fast. It’s very much U.S. dominated, and it also falls into some specific industry verticals. You get a lot of buyers in the financial services, within retail and within health care. But that’s starting to change.
Francis: Part of what’s driving this shift into different industries, and also smaller-size companies, is the recognition that cyber is not just a product for companies with large amounts of data. A lot of coverages go beyond that to things like business disruption, which could affect any company virtually. For instance, ransomware has nothing to do with the excavation of data.
Q: What are some of the obstacles?
Newman: The value proposition has been poorly articulated. But that’s getting better as we get more buyers, as we see more claims examples, and as we see many more people get affected by things like ransomware. So that leads to growing awareness and to development of the product.
Francis: There has been a lack of awareness. That lack of awareness is starting to be eroded, largely driven by agents who are now recognizing their customers’ needs and beginning to understand that there are gaps in traditional coverage. … The agents have gotten much more comfortable in understanding coverage differences and in selling cyber policies, and I think that’s helped spread the market.
Newman: The insurance market for the past 300 years has focused on insuring tangible assets: physical buildings, plants and machinery. But the world has changed. The value of the world’s intangible assets—the information, the data, the intellectual property—now exceeds the value of the world’s tangible assets. And yet the vast majority of the world’s insurance vendors are still focused on protecting the tangible. The cyber insurance market is developing to plug that gap.
Q: Cyber threats are complex; hackers seem to be endlessly innovative.
Francis: That’s right. Any company or organization that relies on technology or collects data has some element of cyber exposure that a cyber insurance product of some sort would likely be a good purchase for. I can’t imagine a company in today’s day and age that doesn’t use technology, doesn’t have some level of data, that won’t be hurt if that data goes missing or if their systems are inoperable for some period of time.
Newman: We’re not trying to insure the economic value of bits of information. I think this is where buyers can get confused. It’s very much like property insurance; we’re insuring the rebuild value. If your data gets lost, damaged or corrupted, we’re paying the cost of restoring and repairing that data.
Q: If I’m a company in the market for a policy, how should I approach it?
Francis: You should look at it very opportunistically. Right now we’re in a buyers’ market. There are lots of different carriers that offer some level of coverage regardless of what industry you’re in, regardless of your revenue or your number of employees. There’s likely to be numerous insurance options available.
It’s important to connect with an agent that’s familiar with this line of insurance, and that population is growing daily. It’s also helpful to understand there are certain things you might be able to do up front to help make your cybersecurity posture better going into this process. Talking to a professional who can help guide you through this process is important.