The cyber insurance market in 2019

The cyber insurance market in 2019

Published on: 4/11/2019

According to the 2019 emerging risks barometer, established by the French Federation of Insurance, cyber risk appears to be a major risk for insurance and reinsurance companies. This survey forecasts an increase in frequencies and intensities of cyber claims for 2020.

Cyber risk is a complex hazard of evolutionary and multifaceted nature. This emerging threat, whose consequences are as disastrous as natural disasters, is a difficult risk to model. Its impact is not easy to quantify because an attack can simultaneously affect a multitude of targets.

In just a few seconds, the networks and computer servers of millions of businesses can be infected all over the world. An attack can also paralyze whole cities for long periods of time, ending up with a massive theft of personal data.

Such attacks led some analysts to characterize cyber-attacks as the new systemic risk.

Figures on the cyber insurance business

Still small, the cyber insurance market is currently held by extremely cautious insurers. They are up against an evolving and exorbitant risk that is difficult to grasp. Moreover, the absence of any claim history is likely to result in a totally unsuitable premium.

Despite these obstacles, cyber insurance is growing at a steady pace. According to Munich Re data, the market is estimated at 3.5 billion USD at the end of 2018. Concentrated in the United States, the cyber-insurance is poised to double its turnover by 2020 and reach, according to the German reinsurer, 20 billion USD in premiums by 2025.

Faced with the complexity of this risk, solutions have increasingly, been developed by major market operators. Swiss Re has recently launched a new product called "Decrypt". Together Chubb and AXA account for more than 30% of cyber risks in the US market. Trust Insurance Management, a Bahrain-based risk management company, has also begun underwriting cyber plans from companies in the Gulf Cooperation Council countries.

To date, the loss experience generated by this risk has been well managed by the market. An increase in premium rates for cyber contracts has been reported since the WannaCry and NotPetya attacks. Overall, rates rose by more than 50% in 2019.

Cyberinsurance: Ranking of cyber incidents according to the insured’s claims

Type of cyber incidents Share of claims
Email compromise/email hacking
23%
Ransomwares (1)
18%
Data piracy
14%
Violation of data due to employees' negligence 
14%
Identity theft
8%
Other viruses/infections linked to malware 
6%
System failure/breakdown
5%
Loss or theft of data
5%
Others (2)
4%
Other non ransomwares
3%

* Study conducted by AIG in the EMEA (Europe, Middle East and Africa) region analysing claims received in 2018
(2) Ransomware: ransom or extortion software
(3) Denial-of-service attacks

Cyberinsurance schemes

Cyber risk can be covered in two ways; either through a traditional policy or through specific plans.

  • Traditional or implicit "silent cyber" policy

This is a conventional fire/accident or liability insurance policy that does not include explicit exclusion of computer risk. This coverage is said to be silent. Other cyber guarantees can also be included in this classical plan.

This type of coverage is causing concern among market players. Lloyd's has recently expressed concern over policies that do not explicitly rule out cyber risks. It even called on members to clarify their insurance and reinsurance contracts. As of 2020, they will have to mention explicitly whether the cyber risk is covered or not, accurately specifying the level of coverage.

Allianz and AIG have taken the same measure with their respective entities.

  • Specific or affirmative coverage

This is a specific insurance plan that covers cyber incidents. This policy accompanies the insured before, during and after the occurrence of the attack. It covers the cost of repairs (software and data), the shutdown of operations and even damage to reputation and personal data.

Limitations of cyber coverage

The cyber insurance policies are dismissed to be:

  • hardly clear, too generic, containing several exclusions,
  • not adapted to the profile of the insured.

Source: Atlas Magazine

Tags: ,

Posted in .