Measuring cyber risks

Underwriters have information and policy wordings to guide them when deciding whether to accept a risk. As a result, standard types of insurance cover, such as fire and theft or professional indemnity are nothing out of the ordinary. In the cyber world, however, the situation is (as always) not quite so straightforward.

Cyber threats are a relatively new and constantly changing risk category. That means there is a lack of information about them and the information that is available may no longer be relevant. Some companies may also be reluctant to share their experiences of cyber losses, in case it damages their reputation or involves sharing sensitive information. Nevertheless, if these risks are to be insured they need to be defined and measurable.

Minor cyber incidents can normally be covered by the companies themselves, although that may also change as interconnectivity increases. Still, the main cyber risks are business interruption, physical damage, cyber theft and data breaches. Risk managers need to work with underwriters to classify these risks and share information about them. Has the company suffered such an incident before? If so, what was the extent of the resulting loss and have measures been taken to prevent the incident reoccurring?

As the potential losses from cyber risks increase, risk managers will need to cooperate more closely with insurers. Granted, there is already cyber cover on the market but it has yet to cover everything that could go wrong. Risk managers and insurers need to establish a comprehensive classification of what risks they face and then go deeper and assess their impact and likelihood of occurrence.

Flexibility is going to be key given the constant nature of change in the cyber risk landscape, customised cover is also likely to be in high demand as companies discover more details about their cyber exposure.  

A data breach doesn't mean game over. After a cyber-attack we get you back in business.

Learn more about our Cyber insurance solutions.