Are companies ready for cyber incidents?
Most companies are much better prepared for hurricanes and earthquakes than any cyber attack. According to figures from AIG, only about 55% of Fortune 500 companies have cybersecurity insurance. For the majority of enterprises, the figures are even lower: just 35% of small to medium-sized businesses are insured against cyber attack.
When you look at the statistics on cyber attacks that have recently been reported in Australia, which indicates that cybercrime attacks have increased by 300% from 2015 and most of the smaller companies that face a data breach go out of business within six months of the breach.
According to figures from CFC Underwriting in the UK, a cyber liability specialist, privacy breaches are one of the main types of attacks being claimed. The firm stated that in 2016 it had handled over 400 claims on cyber-breach policies it had issued.
Keynote international speaker at the Cyber Insurance Conference in Sydney this December, Graeme Newman, Chief Innovation Officer at CFC Underwriting said:
“Claims on CFC policies were up 78% on 2015. About 90% of our claims by volume are from businesses with less than £50m in revenue,” he said, adding that a “disproportionate” number of claims were being made by British firms.”
In Australia, data breach reporting has significantly increased since the Mandatory Notifiable Data Breach Scheme was introduced in February 2018. (See graph below)
So how are claims responding to these incidents?
The Cyber Insurance challenge
The cyber insurance space is still in its beginning stages of growth. While many policies are currently available, many offer a lot less coverage than buyers would like.
A common problem with the current cyber insurance market is the lack of standard policies. Another issue facing insurers and organisations today is the lack of visibility in understanding cyber health, making it a challenge to quantify and understand premiums.
“The cyber-insurance industry is relatively new and it’s evolving. It’s a bit different from other insurance offerings because the cyber environment is always changing. There are new threat vectors being pushed out daily and that makes it difficult for insurers to calculate the potential losses. At the moment, insurers are relying on historical data to rate premiums and calculate probable loss events and I don’t think that approach to underwriting is sustainable long term. I think it’s that unpredictability that makes people like Warren Buffett uncomfortable with the market.” – Paul Waite, Director at from Cyberplus
The role of the Cyber Insurance broker
Many companies often look to cyber insurance brokers for help due to the complexity of the insurance needs. Their job is essentially to get the best terms and conditions for their clients.
According to a recent study conducted by Fox Rothschild, employee error is often not excluded from coverage, the sublimits will cover potential fines and that companies know which costs related to business interruption will be covered.
“Working with a broker or with legal counsel ensures that you have a much more effective policy in place – one that will offer broader and better coverage for your company’s needs.” – Mark G MCCreary chief privacy officer, Fox Rothschild LLP.
So what can cyber insurers & brokers do to support clients pre-policy?
In Australia, cyber insurance leaders examined the question of what more the industry itself should be doing in its efforts to address the growing cyber risk
Here are a few tips for cyber insurers:
- Collect better data from insureds on their security practices
- Help your clients improve their security practices and their organisations’ cyberculture
- Offer financial incentives based on factors such as whether the organization has a dedicated information security team
- Ensure clients have a good reporting system of how the organisation handles routine IT management such as software updates or patches to software
Michael Parrant, Cyber Insurance Practice Leader at Aon will be sharing insights on implementing pre-loss advisory & broker/client education to manage insurance risks at the Cyber Insurance Conference on 4th December 2018 in Sydney,
Don’t miss the chance to tackle the cyber insurance challenges with the experts.