The global cyber insurance market could grow to $5bn in annual premiums by 2018 and at least $7.5bn by the end of the decade, according to “Insurance 2020 & beyond: Reaping the dividends of cyber resilience”, a new report issued by PwC at the Monte Carlo Reinsurance Rendez-vous this week.
Previous PwC research revealed that 61% of business leaders across all industries see cyber attacks as a threat to business growth, and last year saw an average of 100,000 global security incidents a day.
Matthew Britten [pictured], PwC Bermuda managing director, Insurance, said, “For the insurance industry, cyber risk is in many ways a risk like no other. It is equally a potentially huge, but still largely untapped, opportunity for insurers and reinsurers.
“There is no doubt that cyber insurance offers considerable opportunities for revenue growth – and for Bermuda reinsurers to demonstrate their ability to provide innovative solutions as awareness and demand for insurance coverage grows.”
Insurers who wish to succeed will base their future coverage offerings on conditional regular risk assessments of client operations and the actions required in response to these reviews, the report says.
A more informed approach will enable insurers to reduce uncertain exposures whilst offering clients the types of coverage and attractive premium rates they are beginning to ask for.
Businesses across all sectors are beginning to recognise the importance of cyber insurance in today’s increasingly complex and high risk digital landscape. But if the industry takes too long to innovate, the report says, there is a real risk that a disruptor will move in and corner the market with aggressive pricing and more favourable terms.
“Many insurers and reinsurers are looking to take advantage of what they see as a rare opportunity to secure high margins in an otherwise soft market,” Mr Britten said. “Yet many others may still be wary of cyber risk due to limited historic data and the challenges in evaluating and pricing the risk.
However, cyber insurance could soon become a client expectation and insurers that are unwilling to embrace it risk losing out on other business opportunities if cyber products don’t form part of their offering.”
The report says that insurers also need to continue to invest appropriately in their own cyber security – a business which can’t protect itself can’t expect policyholders to trust them to protect and advise them. Given the huge volume of medical, financial and other sensitive information they hold, it is critical that insurers have closely monitored, highly effective cyber security frameworks in place.
Sustaining credibility in the cyber risk market is crucial when looking to become a leader in this fast growing market. If this trust is compromised, and with innovative competitors knocking on the door, it would be extremely difficult to restore brand reputation, says the report.
PwC suggests that insurers, reinsurers and brokers can capitalise on the cyber risk opportunity whilst managing the exposures by:
- Maintaining their own cyber risk management credibility through effective in-house safeguards against cyber attacks
- Robustly modelling exposures and potential losses will provide a better understanding of the evolving threat and could encourage more reinsurance companies to enter the market:
- Identifying concentrations of exposure and systemic risks in an increasingly interconnected economy
- Evaluating Probable Maximum Losses and extreme events/scenarios, and monitoring and modifying these regularly as new types of attack arise
- Assessing and monitoring trends in frequencies and severities of attritional and large losses, and in the types of attack being perpetrated
- Partnering, sharing and coordinating:
- Partnering with technology companies and intelligence agencies to develop a holistic and effective risk evaluation, screening and pricing process
- Data sharing between insurance companies to secure greater pricing accuracy
- Finding a risk facilitator [possibly the broker] to bring all parties [corporations, insurers, reinsurers, policymakers] together to coordinate risk management solutions, including global standards set for cyber insurance
- Making coverage conditional on a full and frequent assessment of policyholder vulnerabilities and agreement to follow agreed prevention and detection steps
- this could include exercises that mimic attacks to highlight weaknesses and plan for responses
- Replacing annual renewals with real time analysis and rolling policy updates
The full report can be found here.