Cyber risk has definitely stepped off the “emerging risks” list and moved in with the “current risks.” Not a week goes by without another major news story about some firm or government agency being hacked and losing control over millions of records of private data – cyber risks are not only here to stay, but to grow.
Businesses, governments and other organizations are being successfully attacked every year by criminals, terrorists, hacktivists, state-sponsored groups and insiders. Losses come from data breaches as well as service interruptions, fraudulent transactions, computer viruses, cyber extortion and other new threats. These losses include, but are not limited to:
- the cost of restoring computer systems including ransom payments
- notifying affected people
- loss of business due to reputational harm
There are many ways that organizations can take actions to protect themselves. Most importantly, companies need to recognize that cyber risk defense requires an enterprise-wide response; it is not just an IT issue. Although these efforts may not be effective against all cyber attacks.
Insurers have a central position regarding cyber risk. As holders of large amounts of customer data, they are juicy targets for cyber attacks. Insurers also provide coverage for other firms who are exposed; and some of those will also send some of their aggregated cyber risk to reinsurers.
Cyber risk insurance
Cyber insurance is available and it is here to stay; it is one of a small number of major growth opportunities for insurers and reinsurers.
Cyber risk insurance is expected to grow at a double digit pace for the next 10 years, especially in the IT, telecom, financial and healthcare sectors. More than 30 insurers offer cyber coverage, but just five have dominated cyber insurance issuance to date. With all of the expected growth in that field, there is room for more and a number of insurers are considering entering the business.