Cyber Insurance: Do we need?

As the pace of Digital Transformation got accelerated in the past one year, largely due to the operational needs induced by COVID-19, one question which has definitely crossed the minds of most of the CXOs and boards of all sizes is "Should we have buy some kind of risk cover for Cyber Threats", essentially- Cyber Insurance. There are multiple reasons for this perceived need:

1. A lot of new Digital Processes/IT systems introduced by the companies have not matured or time-tested hence, the companies do carry certain cyber risks.
2. Both the capacity and security of IT systems have been brought sharply into focus with  the rise in cyber criminal activities.
3. Cyber losses have risen nearly Six-fold worldwide in the past year, according to the 2020 Cyber Readiness Report by Hiscox
4. Legal data protection requirements are being tightened worldwide. There are now laws protecting consumers against data loss or misuse in US and EU. The introduction of the EU General Data Protection Regulation (GDPR) has promoted an awareness of data security, both in Europe and beyond. 
5. The extent and cost of cyber attacks are being made public more often

There's no doubt that "Cyber insurance" will gradually play a key role in helping the enterprises become more cyber-resilient by providing different services, both before and after an incident. It will foster an appetite for innovation in the areas of digital technology by providing the risk protection. According to a report from MunichRe, overall, there is a significant rise in global IT investment in cyber security, the estimated figure will be approximately USD 400bn in 2025, which corresponds to a fourfold increase in the space of a decade. This will also create a demand for Cyber insurance. For 2020, Munich Re estimates that the global cyber insurance market is worth over USD 7bn with North America itself of USD 5.3bn and European cyber market at more than USD 1bn.

Top ten Insurance Companies offering stand-alone Cyber Insurance in the US are AXA, AIG, Travelers, Beazley, Zurich, BCS, Fairfax, Tokio Marine, Liberty Mutual and CNA. Those Packaged cyber insurance as part of other policies are Chubb, CNA, AXIS Capital, Hartford, Sompo, Travelers, Liberty Mutual, BCS, Argo and Berkshire Hathaway.

For the enterprises looking to buy Cyber Insurance, there is a careful need of planning. Despite the spate of cyberattacks, Cyber Insurance is looked upon as luxury by most of the boards, especially due to the economic strain from Covid-19. Also, another problem is in determining how much cyber insurance they need. At this point, most of the first time buyers should be careful in buying. Its best to keep small amount of cyber insurance with increases over time. The accumulation models being used by insurers are rapidly improving. The complexity of the risks and the need for risk-adequate pricing also require top-class cyber teams cooperating across Insurance industry and that is also picking up. Accordingly, with time, better and more sustainable Cyber Insurance Products will come out in the market. So, there is no need to rush.

In terms of policy framework, the policy makers must resist the temptation to introduce any mandatory Cyber Insurance, as this would not only hamper the Cyber Insurance market by suddenly increasing the exposure of Insurers, but would also flatten the maturity curve of the Industry. Last, but, not the least, lets not forget, the basic purpose of Cyber Insurance is to pay to the Cyber Criminals and we all can do our bit by improving the Cyber Security itself at the first place.