Navigating the next two years in cyber insurance

Originally published in Insurance Post

‍

Cyber insurance has grown over the past few years and is one of the sub-sectors within insurance that is expected to grow significantly over the next 5 years. Many insurers and MGAs are taking big strides in the space, yet demand from certain segments in the market is still lagging. Why is that the case and how do we expect the market to move across insurers, MGAs, brokers and companies?

‍

The first years of this decade have been pivotal to how our current world operates.

The new normal we are all now accustomed to caters for hybrid working, and more companies expanding their digital operations to allow remote access to their systems and data.

The most secure route is through a VPN, yet many companies still allow their employees to access their systems directly through the internet.

While technological advancement has accelerated human development in many ways, it also introduces many new cyber risks.

Some of the main ones are data breaches, malware, ransomware attacks, phishing and unauthorised access of their systems.

The direct and indirect financial losses to companies in the event of cyber risks can be substantial.

Some of these losses include direct costs due to ransomware attacks, costs of restoring data and systems, business interruption costs and revenue losses, legal and compliance costs arising specifically due to data breaches and regulatory fines, critical data losses, and last but not least, the reputational damage that could lead to loss of customers or partners.

The first line of defence against cyber risk is risk assessments.

Many of the best cyber insurance companies are now also cyber security companies, which assist companies in improving the integrity of their systems before an incident occurs.

As the saying goes, prevention is better than cure. Complete risk assessments are recommended to include vulnerabilities, threats, security and the business impact, among others.

Brokers’ role, in their advisory capacity, is to help their clients complete their risk assessments, provide them with information about the latest trends and threats in the market, and explain different policy options.

This is an educational process with small to medium-sized businesses that are currently underinsured, as their perception of the actual risk differs from reality.

Brokers can help highlight the importance for their clients to be prepared, and to have a plan in place in the event of a cyber incident.

As the cyber environment changes - and it undoubtedly will given the pace of technological advancements - brokers need to stay well informed to help tailor cover for their clients.

At the moment, advising small to medium-sized companies may seem like an uphill battle. This is mostly due to lack of awareness and incorrect assumptions that their companies are too small to be targeted and that the cost therefore doesn’t justify the return. However, we’ve seen trends like this evolve in the past.

More companies now protect their human assets via management liability policies in a similar manner to protecting their physical assets via property or commercial combined policies. This was deemed to be a luxury years ago.

We expect the same trend to continue with cyber insurance, as the perception of risk changes, regulation evolves, and a more holistic view is taken on protecting companies’ financial and intangible assets.

Cyber is one of the fastest growing segments within insurance, and various players across the value chain are well on their way to capitalising on this large opportunity over the next critical 24 months.

Comprehensive risk assessments are being introduced to the market, new products and wordings are being launched, and a renewed advisory approach is being taken by modern brokers.

One thing is for sure: the cyber market will look very different in 24 months than it does today. It’s no wonder many leading insurers, MGAs and brokers are taking big strides right now to prepare themselves.

‍