Cyber insurance market booms, but insurers struggle to define policies

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://www.firstpost.com/business/cyber-insurance-market-booms-but-insurers-struggle-to-define-policies-2462138.html

Transferring risk in exchange of a premium makes commercial sense for
businesses and organizations. In the cyber insurance market, several
insurers provide value-added services such as access to a specialist
lawyer, IT forensics experts and crisis management in the event of a data
breach. This further makes cyber-insurance products more attractive, and
also increases the value of the product to customers. Businesses are
increasingly purchasing standalone cyber risk insurance policies to cover
the specific cyber risks. Standalone cyber risk insurance policies fulfill
the limitation of traditional policies by providing insurance cover for
specific risks in a cyber environment. It includes the cost of security or
data breach such as notification expenses, regulatory fines and penalties,
investigation and restoration cost.

Within the cyber insurance market landscape, insurers are collaborating
with cyber security experts to provide robust cyber risk management to the
businesses and organizations. An ideal form of cyber risk management
requires a balance between IT security measures and transfer of risk as an
insurance solution for cyber risk. Insurers' core competency lies in
pricing and underwriting risk, while cyber security experts specialize in
using technology to deal with cyber vulnerabilities. The cyber insurance
market has the ability to offer solutions that cover a broad range of cyber
risks; however, there are certain caveats. Risks faced by the firms tend to
be unique to the industry in which they operate, and this requires the
policy to be accordingly customized. The degree of cyber exposure, the
scale of the organization and the type of data collected are key
determinants of cyber insurance policy terms and pricing.

According to this new research, cyber risk insurance market is experiencing
rapid development, with the size of global gross written premiums growing
from US$850 million in 2012 to an estimated US$2.5 billion in 2014. The
cyber risk insurance market is gaining traction due to a growing number of
cyber attacks and the increasing reliance of businesses upon technology for
operational capabilities and storing data. However, insurance firms are
responding slowly to this rising demand, and there is still number of
imperfections in the market that is leading to a sub-optimal outcome. Total
global losses from cyber crime stood at US$445 billion as of June 2014.
With governments becoming increasingly involved in cyber threats, the
prospect of compulsory cyber risk insurance could become a reality. It
would have a transformative impact upon the market and could create a
strong source of future revenues for non-life insurers.

The demand for cyber insurance in Europe is expected to grow substantially,
once the new General Data Protection (GDPR) law is finalised by the end of
2015. It is expected to come into force by 2017 in all the EU member
states, making data breach notification compulsory. This will likely give
more power to the regulators, along with an increase in penalties - up to
EUR1 million (US$1.3 million) or 2% of company's global annual turnover.
The cyber insurance market in Europe is underpenetrated, with an estimated
worth of US$150 million in gross written premiums in 2014. In comparison,
the US is leading with approximately 90% of the global premiums in the
cyber insurance market valued at US$2 billion in gross written premiums in
2014.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus 
on the right security.  If you need security help or want to provide real risk reduction for your clients contact us!