2019 Predictions: A sea change in cyber insurance

No surprises that cyber insurance will continue to develop in 2019. While big brand data breaches catch the headlines, the need for a cyber insurance to protect all sizes of business and organisations is clear, and the need for a cyber insurance market is obvious. However, we do need to have a sea change in how cyber policies are written and managed in 2019.

It remains true today that current cyber policies only protect a limited portion a company’s actual cyber risk. Glaring coverage gaps include supply chain exposure, reputational risk, and theft of intellectual property. Quite obviously products need to be developed to help protect customers from these threats.

However, in order for cyber insurance to keep ahead of trends in cyber attacks and regulatory compliance, we need to see some heavy re-engineering of how insurers write policies and handle claims. 2019 must see greater progress on this, to ensure that insurers do not find cyber risk insurance more a problematic than prosperous endeavour. Carriers must find better ways to understand risk, because projected cyber losses can be so huge.

In late 2018, AM Best modelled cyber catastrophes in a series of stress tests for insurance providers in a future, more mature cyber insurance market in 2022. The stress tests suggested a cyber catastrophe could generate meaningful to significant gross losses for three of the top 20 cyber insurance providers in 2016, ranging from 15% to 119% of these companies’ estimated 2022 policyholder surplus at the 1 in 200 year event level.

The rewards and risks of 2022 for insurers are not so far away. This makes 2019 a pivotal year for an industry seeking new revenue streams from helping customers mitigate risks when others – like motor insurance – may continue to decline.

Cyber insurance cannot stay the same in 2019. It must continue to move from a reactive and remedial approach to a proactive, service-oriented, and loss prevention approach.

We are, however, entering a third phase in the way cyber insurance will be used to manage risks holistically. The most sophisticated businesses will optimise their investments across pre-loss mitigation activities and balance sheet management activities, which of course involve cyber coverage. The tools used by insurers to understand cyber risks will have to consider the economic implications of potential security breaches. This third phase will involve a subtle transition from a 'compliance' to an 'economic impact' mindset in how cyber understood and insured.

    Share Story:

Recent Stories