Increasing Demand for Cyber Insurance

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://www.natlawreview.com/article/increasing-demand-cyber-insurance

Due to the number of large data breach attacks in the past few years, more
companies are recognizing how important it is to have cyber insurance
coverage or to increase their coverage, and insurers have been streaming in
to meet the market demand. Cyber insurance is a relatively new product,
that first began being offered in the market in the mid to late 1990’s.
Articles from 2010 discussing cyber security mentioned that there were “a
few carriers” offering stand-alone cyber insurance products. Today,
however, it is reported that there are over sixty carriers offering cyber
insurance policies, with over $2 billion spent on coverage in the market.
By 2020, there are estimates that the cyber insurance market will triple in
growth to about $7.5 billion.

Although the coverage provided by cyber insurance policies varies
significantly depending on the policy, there are several common coverages,
including:

- Liability (defense costs, settlements, judgments)

- Crisis Management (public relations, breach notification, credit
monitoring services)

- Business Interruption

- Loss/Replacement of Electronic Data

- Expenses for Cyber Extortion

- Expenses for Regulatory Compliance

- D&O Management Liability - Cyber Risks

The cost of cyber insurance coverage can vary significantly, and the
premium is typically dependent upon a company’s security practices.
Carriers are interested in the risk management techniques applied by
businesses, not merely the antivirus/antimalware software or whether the
company has a firewall in place. Carriers seek to know whether the business
has a disaster response plan in place, how employees access data and
whether the business has cultural controls in place that will help prevent
the type of activities or fraud that allows data breaches to occur.

Premiums and deductibles for cyber insurance coverage also have been
increasing this past year. Health insurers and retailers in particular
experienced large premium increases, and those companies who were
previously hacked received premium increases that tripled the cost of their
coverage. Carriers are also seeking to limit coverage amounts, in some
cases to $100 million, in order to better limit their exposure in the event
of a major breach, but which could leave a policyholder exposed for
significant losses. Carriers are also imposing stringent conditions on
coverage related to required security policies and procedures. However,
these coverage conditions may lead to coverage disputes in the event of a
claim if the carrier subsequently asserts that a company failed to comply
with the coverage condition.

Many recognize that cyber insurance risk is hard-to-predict and that the
industry may lack the ability to adequately underwrite the risk. Cyber risk
is complex and constantly changing, which makes it very difficult to
evaluate exposure, particularly when combined with the lack of historical
data to properly underwrite and price policies. Additionally, there is an
added concern with respect to risk aggregation, in that a single attack
could potentially affect many companies at the same time, which further
impairs the ability of insurers to assess the risk. However, as the demand
for cyber insurance continues to grow, insurance carriers will continue
gathering the data they need to set appropriate rates and developing new
products and coverage options.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Need access to data breach details or alerts when new breaches happen? Risk Based Security's Cyber Risk Analytics 
portal, fueled by the RBS breach research team, provides detailed information on how data breaches occur and which 
vendors to trust. Contact us today for a demo.