Emerging Insurance Trends – Cyber Risk Insurance Still in Its Infancy
Summer 2017 did not start well for Maersk. The world’s largest container shipping company fell prey to the NotPetya malware attack. Its container ships were stuck at sea, and 76 of its port terminals around the world were closed for business. 8 days of interrupted business cost Maersk almost 300 million USD in loss of revenue, IT restoration costs and other expenditures linked with the incident.
Cyber risks are a real threat, and demand for insurance protection for commercial lines of business is growing rapidly. For retail clients, offers of insurance coverage against cyber threats, and the clients' awareness of such risks, are still in the early stages. For commercial lines of business, the biggest risk is business interruption. To truly and effectively help clients protect their business, insurance carriers must first overcome some barriers.
Key cyber insurance challenges
Cyber insurance is a complex line of the insurance business, as it demands a great deal of knowledge from all of the stakeholders involved.
It is very difficult to buy cyber insurance; it is hard to know what risks you might be exposed to, what type of coverage would best suit your profile, and what the possible results of the realisation of such risks could be. Compare this to motor insurance, where we all understand what theft, traffic accidents or natural disasters mean for us and what advantages we get by insuring against such events.
It is very challenging to sell cyber insurance as well; the agent must understand and explain the technical aspects of cyber threats, be able to discuss issues with technical personnel and those responsible for IT security, and follow the latest developments in the cyber-crime domain.
It is also difficult to underwrite the risk; you must be an expert in the field of IT security, must gain insights into the IT organisation and preventive measures of the potential client, and understand how to deal with accumulated risks.
In the end, resolving a cyber claim is not just about paying for the damage, but foremost it is about finding a way to help the client fight the cyber-attack and thus minimise their own exposure.
The root cause of the problem is that the subject matter is complex, the evaluation of the real risk for a specific client needs thorough evaluation, and – the actual risk itself is constantly changing, as new ways to exploit our cyber presence are created.
Addressing the challenges
A clear understanding of cyber risk is the first step to take when helping the client to decide how severe the cyber threat is, and how best to mitigate it. On the other hand, this information is also valuable to the underwriter to understand the risk complexity.
With the increased spread of cyber risk, solutions have become available that help alleviate part of the burden from all parties involved. Automated Risk Assessment tools can help bridge the gap between the technical details of the cyber risk and all the stakeholders, and help simplify communication between them.
As the next step, an integrated IT ecosystem can simplify, streamline and automate complex process steps. A modern and flexible core insurance platform such as AdInsure integrates seamlessly with other IT systems in the IT landscape of the insurance carrier (agent portals, self-care portals, Automated Risk Assessment Tools, Fraud Detection etc…) to offer automated underwriting, policy administration and claims-handling business processes;
- Risk assessment reports can be produced automatically to evaluate the current state of Cyber protection; help clients, agents, and underwriters understand the robustness of existing security measures and the preventive measures that can be taken; and possible terms and conditions for a specific policy.
- Regular check-ups can help monitor the state of cybersecurity during policy validity, automatically adjusting the coverage and thus managing the risk for the insurance company and the client in a more comprehensive manner.
As a risk prevention method, insurance carriers can offer specialised services in the form of regular in-depth risk assessment of a client’s IT resources during the coverage of the insurance policy. The client can benefit from the reduced premium, and the insurance company can avoid possible and much more costly claims payments.
Finally, if the risk actually materialises, the first step is to help the client overcome initial panic and limit the damage. A clear understanding of the problem and a fast response from dedicated, highly-specialised IT experts are of paramount importance when helping the client return to their normal business operations.
Cyber security, with its ever-evolving nature presents a host of challenges for companies, carriers, and software vendors, but - as the world becomes more and more connected – such security has the potential to become one of the most sought-after insurance lines.