60 seconds with Chris Newton

Is there increasing demand for cyber insurance?

There is a lot of interest in cyber risk and related insurance products. But the term cyber means different things to different people. Ten years ago it referred to liabilities associated with online content and virus transmission. But now it includes network security, unauthorised credit card transactions, business lost due to network downtime and in particular, the threat of security breaches involving personal data, and that is where interest is growing fastest.

Have insurers responded with cover?

Insurers have developed insurance for these types of risk, but need to adopt a more industry focussed approach as different sectors have different needs. For example retailers will focus on credit card security and protecting infrastructure while financial institutions and healthcare providers are more concerned with data security.

What is the awareness of the risk?

This has become a hot topic that’s rising up the corporate agenda. And a lot of companies have embraced outsourcing – including cloud computing – and there is now more interest in the risks and consequences for data security. Recent breaches like those at Sony, Epsilon and the International Monetary Fund have also highlighted the issue.

Are they aware of the insurance product?

Buyers are increasingly sophisticated and demand for cyber insurance products is well established, especially in the US where robust regulation has increased awareness. But insurers are at the end of the risk management chain, and companies need to have identified and mitigated the risk before they consider risk transfer to insurers.

Are risk managers taking on cyber?

Recent breaches show that there is still a lot of work to be done in this area. Part of the problem is that many companies do not recognise that they have a significant exposure. There is still a lot more that can be done to improve the risk and lessen the impact of a data breach. For example, encryption of personal data is a basic precaution, but we hear reports of unencrypted data going missing through lost laptops and data breaches.

What are the challenges for insurers?

The challenge for insurers is how insurance is perceived by IT departments. There needs to be recognition that networks cannot be 100% secure and that insurance can protect the IT budget. If there is a requirement to notify customers of a data breach the costs can be significant and are typically unbudgeted.

Can brokers and underwriters help risk managers?

Insurers and brokers have a growing role to play in helping risk managers implement cyber risk management protocols, to assist in understanding and improving the risk. Insurers also tend to underwrite to standards and the industry could do more to share these with buyers and help demystify the process. 

Do brokers have enough expertise?

The broker has a very important role to play, and more and more brokers are gearing up to offer expertise in this area. Most brokers do reference cyber risks in discussions with clients, but there is a danger that clients are reluctant to create a new insurance budget for this type of cover.  Without a reasonable depth of knowledge, it can be difficult for brokers to carry the argument for specialist insurance in this area. There are a growing number of specialist brokers that have invested in this area and we have seen a drive by brokers to be better equipped. I expect their knowledge to increase over time.

What about insurers?

Both brokers and insurers can do more to improve their knowledge. As the market grows, insurers will be challenged to maintain their underwriting expertise and knowledge. There does need to be greater dialogue between underwriters and buyers to improve insurers’ understanding of their needs – and work with risk managers on a solution.

 

Comments

No comments