By Modestus Anaesoronye | Business Day
Cyber attacks were once again in the spotlight in 2017, with increasing frequency and severity, offering plentiful opportunities for the growth of insurance, especially in small and medium-sized companies, according to an A.M. Best report.
The WannaCry and NotPetya ransomware attacks and the Equifax data breach received significant media attention and affected millions of people and businesses. The NotPetya attack in particular highlights the growing business interruption exposure associated with cyber risks. Also, in October 2017, Yahoo! updated its 2013 data breach tally from one billion to three billion of its accounts, potentially making this the most substantial, most extensive cyber breach ever recorded.
These events highlight the vital need for cyber insurance, but the market is bifurcated. On the one hand, national accounts and Fortune 500 companies seem to be embracing the need to partner with insurers and brokers as a way to counter cyber risks.
Financial institutions and healthcare companies are acutely aware of their cyber exposures and are increasing their coverage. Average policy limits are rising, with some of the largest companies’ coverage towers rising above the half-billion-dollar mark.
On the other hand, the take-up rate for small to medium-sized enterprises (SMEs) remains in the low teens, presenting an area where insurers would like to see growth.
In 2017, cyber packaged policies in force increased 28 per cent, some of which was due to the addition of affirmative cyber coverage to packaged policies. This increase is significant, but this is still something of a fledgeling business, and an increase of this magnitude, while material, does little to close the protection gap. However, interest from SMEs does seem to be gaining traction, and capacity from insurers is ample.
In the short term, despite the inherent challenges in managing aggregations and pricing, we believe the cyber insurance market presents a favourable opportunity for insurers. Demand is expected to grow due to the accelerating adoption of technology and the increasing awareness of cyber risks, especially among SMEs. Given the abundant supply of capital and the cautious growth strategies of insurers, we expect the overall exposure of the property and casualty industry.
However, as insurers expand their cyber offerings, they will need to be prudent in establishing underwriting standards and limits, and exercise appropriate risk management and mitigation measures to ensure that these exposures remain aligned with the company’s risk tolerances and appetites.
The extent to which an insurer grows its cyber business should also lead to a broader understanding of this relatively new risk and of a company’s ability to aggregate, monitor, and manage its exposure in various scenarios. Data quality is a crucial factor when insurers provide information to regulators and other stakeholders.
Overall, cyber insurance take-up remains low, as SMEs remain complacent about these risks, under two assumptions: that hackers target only more prominent businesses such as Target or Home Depot, or that they already have coverage under another policy when they might not. However, this sentiment and tepid interest in cyber insurance among SMEs may be changing, in light of the near-daily reminders of cyber threats, attacks, and breaches feeding social media.
Pricing is another factor, as more business owners see the cost benefits and also realize their vulnerabilities due to their interconnectivity with vendors, suppliers, and customers.
A data breach is only one factor in cyber risk; however, many SMEs may be underestimating business interruption risks, and the impact of business interruption on smaller enterprises could be much higher, as they may not be as resilient or diverse as national account clients.
Source: Business Day By Modestus Anaesoronye
Edited for ILSTV