Cyber Should Be Standalone Insurance

Uploaded on 2017-05-03 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Financial

Treating cyber risk as a standalone insurance market holds the promise of unlocking the potential for meaningful coverage for both insurers and buyers. That is according to a new report by JLT Re and JLT Specialty Limited.

According to the report released at the 2017 annual Risk Management RIMS Conference, buyers are clamoring for better cyber products to address the growing and complex risks of cyber, while underwriters are being cautious over concerns around “unquantified cyber exposures potentially buried in traditional policies.”

JLT said it believes considering cyber as a standalone line of business rather than a peril will result in more resilience to cyber risk in the re-insurance market and this shift will benefit insurance buyers in the form of “greater certainty, expertise, capacity and stability from the re-insurance market in a complex and growing risk area.”

“Cyber exposures have grown considerably for companies of all sizes and domiciles in recent years, causing business costs to rise sharply,” said David Flandro, global head of Analytics, JLT Re.

“Companies face challenges in understanding their exposures and the type of insurance cover needed as the underlying drivers of cyber risks frequently change, requiring insurers and brokers to explain and quantify these exposures as clearly as possible. Increased coordination and collaboration between key markets will be crucial in meeting evolving demands and unlocking the huge potential associated with cyber for the benefit of companies and carriers alike.”

Standalone policies would help eliminate the risk of silent exposures and, ultimately, make the market more resilient.

JLT notes that insurance approaches for cyber risk can differ considerably from one company to the next, a reflection of the view that cyber can either be considered a peril that falls within traditional property/casualty products or a line of coverage in its own right.

JLT views a standalone cyber market as a way to address both buyers’ changing needs and insurers’ uncertainty.

“As more premiums flow into the standalone market, carriers will be able to evaluate and price risks more accurately as good-quality claims data and sophisticated modelling tools become increasingly accessible,” said Sarah Stephens, head of Cyber, Technology and Media E&O for JLT.

“This, in turn, will help ensure the market is better placed to trade through future systemic losses by encouraging innovative reinsurance and insurance-linked securities (ILS) structures.”

Stephens said governmental support is also likely to be needed in back-stopping some of the more catastrophic loss scenarios.

She said a more robust cyber market, with comprehensive, standalone policies at its core, would also help “eliminate the risk of silent exposures and, ultimately, make the market more resilient to future catastrophic cyber losses.”

She said given the strong likelihood of a major cyber event in future, the market needs to prevent a situation where (re)insurance buyers are faced with a dearth of capacity as happened in the aftermath of the 9/11 attacks.

Given the complexity of cyber risks, access to reinsurance capital is essential in alleviating the primary market’s aggregation burden and supporting the innovative cover needed for future cyber risks, according to JLT.

“There is sufficient reinsurance capacity for the current cyber insurance market and increased reinsurer appetite for cyber risk bodes well for long-term growth prospects,” according to Chris Bennett, partner, London Market and International Non-Marine, Cyber Treaty for JLT Re. “New approaches have emerged in recent years as competition between reinsurance companies has stiffened, making non-proportional structures such as excess-of-loss, stop-loss and aggregate covers as commonplace today as the more traditional quota share arrangements.”

The report notes that cyber risk has changed since the first policy was underwritten around the turn of the century and it claims the market now needs to respond decisively to the changing scale and scope of cyber risk. For example, data breaches have become more frequent in the last five years, with the number of reported data breaches globally rising by more than 300 percent.


 
Number of Global Reported Data Breaches and Records Lost – 2011 to 2016
(Source: Risk Based Security/Cyber Risk Analytics)
 
The report also cites considerable concern over the scalability of the risk, where one cyber event is capable of triggering multiple claims under different policies at national, or even global, levels. As technologies become further embedded in the operations and strategies of organisations across all geographies and sectors, malicious actors will increasingly look to exploit the vulnerabilities associated with innovations such as the Internet of Things, cloud computing, autonomous vehicles, machine automation and connected devices.

“Market participants have begun to explore how catastrophic cyber risks such as systemic cloud service provider failures or targeted cyber-attacks on power grids could impact businesses and risk carriers,” said Flandro.

“These efforts have highlighted the real potential for multi-billion dollar (re)insured pay-outs. Products designed to mitigate such systemic cyber risk accumulations are less readily available, but considerable progress can be achieved by drawing on the expertise that exists in the standalone cyber market.”

Insurance Journal:

You Might Also Read:

Cybercrime Cost The Global Economy $450Billion In 2016:

Insurers Get Much More Cautious About Cyber Risk:

Cyber Insurance: 7 Questions To Ask:

UK Parliamentary Committee Wish To Penalise CEOs for Cyber Breaches (£):

Why SMEs Need Cyber Insurance:

 

 

 

« Intelligence Agency Backs Start-Up Spy Apps
US vs. North Korea Cyberwar Underway »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Zerto

Zerto

Zerto provides enterprise-class disaster recovery and business continuity software specifically for virtualized data centers and cloud environments.

Cognizant

Cognizant

Cognizant offer services and solutions for IT Infrastructure Security, Enterprise Mobility and Internet of Things.

Cyber Command

Cyber Command

Our Managed IT service allows clients to offload the management of day-to-day computer, server, and networking support to our team of professionals.

Nuvias Group

Nuvias Group

Nuvias Group is a specialist value-addedd IT distribution company offering a service-led and solution-rich proposition ready for the new world of technology supply.

Ponemon Institute

Ponemon Institute

Ponemon Institute conducts independent research on data protection and emerging information technologies.

Clavis Information Security

Clavis Information Security

Clavis is an Information Security company offering a complete portfolio of solutions from Pentesting and Security Assessments to Managed Security Services and Training.

Data Security Inc

Data Security Inc

Data Security, Inc. is the leading American manufacturer and supplier of hard drive degaussers, magnetic tape degaussers as well as hard drive and solid state destruction devices.

CYBER.ORG

CYBER.ORG

CYBER.ORG's goal is to empower educators as they prepare the next generation to succeed in the cyber workforce of tomorrow.

Corsha

Corsha

Corsha is on a mission to simplify API security and allow enterprises to embrace modernization, complex deployments, and hybrid environments with confidence.

Chicago Quantum Exchange (CQE)

Chicago Quantum Exchange (CQE)

Chicago Quantum Exchange is an intellectual hub and community of researchers with the common goal of advancing academic and industrial efforts in the science and engineering of quantum information.

DKBInnovative

DKBInnovative

DKBinnovative is a best-practice driven IT management firm that provides secure, reliable IT solutions to productivity-focused clients around the globe.

Q6 Cyber

Q6 Cyber

Q6 Cyber is an innovative threat intelligence company collecting targeted and actionable threat intelligence related to cyber attacks, fraud activity, and existing data breaches.

Private Client Cyber Security (PCCS)

Private Client Cyber Security (PCCS)

PCCS provides enterprise-grade cybersecurity consulting and services to professional practices, executives, athletes, and high net worth families.

Rootshell Security

Rootshell Security

Rootshell Security is transforming vulnerability management with its vendor-agnostic Prism Platform and industry-leading offensive security assessments.

Globesecure Technologies

Globesecure Technologies

Globesecure Technologies is a networks and cyber security company. We are here to resolve business security challenges and secure the digital transformation journey of our clients.

CrashPlan

CrashPlan

CrashPlan delivers secure, continuous endpoint backup and recovery for businesses of all sizes.