Video: cyber insurance can offset data breach risk

December 30th, 2016

By Byron V. Acohido

More organizations than ever, especially small and medium-size ones, will seek to account for the fast-rising risk of suffering a cyber attack in 2017 by buying a cyber liability policy.

The general state of security of U.S. business networks remains anemic when compared to the vast and growing capabilities of hackers with malicious intent. Companies are beginning to realize the value of offsetting this risk to an insurance carrier—and insurance companies and underwriters recognize a golden goose when they see one.

The fledgling cyber insurance market topped $3 billion in 2015, and ABI estimates the global cyber insurance market is swelling at a clip that will top $10 billion by 2020.

Related: Cyber insurance increasingly includes value-added security services

ThirdCertainty sat down with Tim Francis, cyber insurance enterprise lead at Travelers Bond & Financial Products, and Graeme Newman, chief innovation officer at CFC Underwriting, shortly after the pair spoke on this topic at IDT911’s Privacy XChange Forum 2016 this fall. Here’s their forecast. (This text has been edited for clarity and length.)

LastWatchdog: Could you frame the emerging cyber insurance market for us?

Graeme Newman, CFC Underwriting chief innovation officer
Graeme Newman, CFC Underwriting chief innovation officer

Newman: The cyber insurance market has been around for 15 or 16 years now, which in insurance terms, is a short period of time, but it’s growing fast. It’s very much U.S. dominated, and it also falls into some specific industry verticals. You get a lot of buyers in the financial services, within retail and within health care. But that’s starting to change.

Francis: Part of what’s driving this shift into different industries, and also smaller-size companies, is the recognition that cyber is not just a product for companies with large amounts of data. A lot of coverages go beyond that to things like business disruption, which could affect any company virtually. For instance, ransomware has nothing to do with the excavation of data.

LastWatchdog: What are some of the obstacles?

Newman: The value proposition has been poorly articulated. But that’s getting better as we get more buyers, as we see more claims examples, and as we see many more people get affected by things like ransomware. So that leads to growing awareness and to development of the product.

Francis: There has been a lack of awareness. That lack of awareness is starting to be eroded, largely driven by agents who are now recognizing their customers’ needs and beginning to understand that there are gaps in traditional coverage. … The agents have gotten much more comfortable in understanding coverage differences and in selling cyber policies, and I think that’s helped spread the market.

Newman: The insurance market for the past 300 years has focused on insuring tangible assets: physical buildings, plants and machinery. But the world has changed. The value of the world’s intangible assets—the information, the data, the intellectual property—now exceeds the value of the world’s tangible assets. And yet the vast majority of the world’s insurance vendors are still focused on protecting the tangible. The cyber insurance market is developing to plug that gap.

LastWatchdog: Cyber threats are complex; hackers seem to be endlessly innovative.

Tim Francis, Travelers Bond & Financial Products cyber insurance enterprise lead
Tim Francis, Travelers Bond & Financial Products cyber insurance enterprise lead

Francis: That’s right. Any company or organization that relies on technology or collects data has some element of cyber exposure that a cyber insurance product of some sort would likely be a good purchase for. I can’t imagine a company in today’s day and age that doesn’t use technology, doesn’t have some level of data, that won’t be hurt if that data goes missing or if their systems are inoperable for some period of time.

Newman: We’re not trying to insure the economic value of bits of information. I think this is where buyers can get confused. It’s very much like property insurance; we’re insuring the rebuild value. If your data gets lost, damaged or corrupted, we’re paying the cost of restoring and repairing that data.

LastWatchdog:If I’m a company in the market for a policy, how should I approach it?

Francis: You should look at it very opportunistically. Right now we’re in a buyers’ market. There are lots of different carriers that offer some level of coverage regardless of what industry you’re in, regardless of your revenue or your number of employees. There’s likely to be numerous insurance options available.

It’s important to connect with an agent that’s familiar with this line of insurance, and that population is growing daily. It’s also helpful to understand there are certain things you might be able to do up front to help make your cybersecurity posture better going into this process. Talking to a professional who can help guide you through this process is important.

More stories related to cyber insurance:
Challenges and opportunities ahead for cyber insurance industry
As hacks mushroom, all signs point to boom in cybersecurity insurance
As threats multiply, cyber insurance and tech security industries start to merge