Reaping the dividends of Cyber Resilience
Businesses across all sectors are beginning to recognise the importance of cyber insurance in today’s increasingly complex and high risk digital landscape.
In turn, many insurers and reinsurers are looking to take advantage of an opportunity to secure new business with potentially good margins in an otherwise soft market.
Some though are still wary of cyber risk even though there is no doubt that cyber insurance offers considerable opportunities for revenue growth.
Already many insurers are facing considerable cyber exposures within their technology, errors & omissions, general liability and other existing business lines. The immediate priority is to evaluate and manage these ‘buried’ exposures.
An estimated $2.5 billion in cyber insurance premium was written in 2014.13 Some 90% of cyber insurance is purchased by US companies, underlining the size of the opportunities for further market expansion worldwide. In the UK, for example, only 2% of companies have standalone cyber insurance. Even in the more penetrated US market, only around a third of companies have any form of cyber coverage. There is also a wide variation in take-up by industry, with only 5% of manufacturing companies in the US holding standalone cyber insurance, compared to around 50% in the healthcare, technology and retail sectors.
As recognition of cyber threats increases, take-up of cyber insurance in under-penetrated industries and countries continues to grow, and companies face demands to disclose whether they have cyber coverage (examples include the US Securities and Exchange Commission’s disclosure guidance18). We estimate that the cyber insurance market could grow to $5 billion in annual premiums by 2018 and at least $7.5 billion by 2020.
So why is there so much scepticism over cyber insurance? Part of the challenge is that cyber risk isn’t like any other risk insurers and reinsurers have ever had to underwrite. There is limited publicly available data on the scale and financial impact of attacks. The difficulties created by the minimal data are heightened by the speed with which the threats are evolving and proliferating. While underwriters can estimate the likely cost of systems remediation with reasonable certainty, there simply isn’t enough historical data to gauge further losses resulting from brand impairment or compensation to customers, suppliers and other stakeholders. A UK Government report estimates that the insurance industry’s global cyber risk exposure is already in the region of £100 billion4 ($150 billion), more than a third of the Centre for Strategic and International Studies’ estimate of the annual losses from cyber attacks ($400 billion)5. And while the scale of the potential losses is on a par with natural catastrophes, incidents are much more frequent.
As a result, there are growing concerns about both the concentrations of cyber risk and the ability of
less experienced insurers to withstand what could become a fast sequence of high loss events.
This timely report from PWC provides considerable insight on these themes and shares a perspective that will help you understand the challenges that need to be understood to increase your security and the return on investment.