Improving the insurability of cyber risks

The scale of the cyber risk threat is growing all the time and it far outstrips the capacity offered by the insurance market. According to a corporate cyber risk survey conducted by Swiss Re and IBM®, less than 20% of insurers currently write or plan to offer cyber protection in areas where corporations have highlighted coverage gaps. Why is that? How can the insurance industry catch up?

The cyber market presents some particular problems, which affect its insurability. There is a lack of risk data and the data available doesn’t remain relevant for long. Furthermore, risk accumulation potential makes the extent of liability hard to calculate. Third, cyber risks can remain hidden for a long time before they actually become a loss event. It’s impossible to tell how many of these long-tail risks may be out there already.

These risks are particularly challenging for insurers, as they make it hard to establish a reliable risk model and basis for pricing. Moreover, the size of some cyber risks would exceed the cover limits for a lot of companies. In addition to imposing cover limits, cyber insurance policies often include exclusions for certain loss triggers, such as self-inflicted losses.

As insurers adapt to these challenges, they are becoming more flexible in their approach and increasing the offer of tailor-made solutions. But they still need to pool risks across the industry and work with reinsurers. The scope for risk pooling remains rather limited while portfolios are small and lack diversification. However, that will change as an industry-wide risk codification system emerges.

It isn’t surprising that insurers have, for now at least, been caught out in some respects as demand for cyber cover grows. Insurance products need more planning and preparation than digital innovation. Nevertheless, the industry does have the capacity and expertise to adapt and improve its offering. Extreme events, however, will most likely remain beyond private sector limits and require government action.

A data breach doesn't mean game over. After a cyber-attack we get you back in business.

Learn more about our Cyber insurance solutions.