The cyber insurance market is a potentially huge, but still mostly untapped one. Organisations of all sizes are starting to understand the importance of cyber insurance in today’s complex and volatile risk landscape.
Sarel Lamprecht, MD of specialist cyber insurance provider Phishield, says alongside this, insurers are looking to cash in on this market as it promises high margins. “However, many are still cautious about the cyber risk market. After all, it’s not easy to weigh the risks, bearing in mind the variables, and of course, damages that are very hard to put a monetary value on, such as loss of client confidence or damage to reputation.”
He says the reality is that cyber insurance is set to become a customer expectation, and insurers who have not jumped on the bandwagon will lose out to their competitors who have. “Data breaches are a stark reality today. Businesses who want to keep their doors open need to learn to better manage the risks related to an attack, and lower the impact should one occur. Remember, the costs associated with a breach are getting higher and higher too. Individuals, too, are starting to look at adding cyber insurance to their other policies.”
Lamprecht adds that as the expense of dealing with an attack gets higher, the cost of using cyber insurance will become a better value proposition. “Up till now, many insurers have been shy of offering this type of coverage, because they haven’t fully comprehended the depth of the risk they were assuming. This is mainly because of the lack of information available, and on the other side, consumers who haven’t really understood the benefits of risk transference.”
However, as the number of data breaches rises daily, this is set to change. Lamprecht says that cyber risk coverage includes a multitude of elements. For example, the costs of crisis management in the event of a breach, the expenses related to the management of an incident, the forensics, the remediation, notification, legal costs, court attendance and of course any regulatory fines that may be applicable.
There might also be cover for third-party damages, extortion liability and similar. This is all over and above the costs should actual money have been stolen by the hackers.
Because this cyber insurance market is in its infancy, many insurers don’t fully understand the technicalities involved, or how to deal with, and put a monetary value to, a data breach. For many insurers and brokers, the technicalities of information security and the details of how to deal with a data breach are still a mystery. “The market for cyber liability products is also in its infancy, so be prepared to work with your provider to ensure that you get what you actually require,” Lamprecht adds.
He says a good place to start is to figure out what costs or expenses you would need to be covered and in the event of what types of incidents. “Make sure all stakeholders are involved in this process, and get all the information you might need from third-party partners and suppliers. Bear your costs in mind, as well as any costs that third-party partners might try to claim from you should an incident occur.”
Finally, he says to look at measures that can be implemented to lower premiums. What security controls can be put in place? What can you do to limit the risks? Will premiums reduce for each period in which there are no claims? What policies should be in place regarding the use of cloud, or BYOD? What about acts by malicious insiders? Will customers have to provide evidence of compliance?
“No two organisations are the same when it comes to cyber risks, therefore it is crucial to understand the cyber risks your customers face and to ensure the cyber policy is specifically tailored to meet those risks,” he concludes.