2017 could see a huge spike in demand for cyber insurance due to fear of high-profile cyberattacks, according to a number of reports as well as experts that include Inga Beale, the CEO of Lloyd’s.
This surge in the demand for cyber, specifically in the UK market, was outlined by the results of a survey conducted at the 2016 London Cyber Symposium, which suggested that the adoption of cyber insurance had risen 50 percent in 2016.
This is confirmed by Inga Beale, CEO of Lloyd’s, who told Bermuda:Re+ILS’s sister publication Intelligent Insurer that Lloyd’s has seen a threefold increase on cyber business over the past two years and she anticipates more growth driven by multiple factors.
“In 2016 we’ve seen highly publicised cyber-attacks on some of the biggest corporate and retail names in the UK and globally. The effect of these breaches is multi-layered – besides business interruption, they can have a long lasting reputational impact and seriously affect the bottom line,” Beale, said.
Beale noted that the General Data Protection Regulation that is coming into force in in European Union in May 2018 will mean that businesses have to be more responsive to any cyber incident than may have been the case in the past.
Scott Stransky, assistant vice president and principal scientist at AIR, believes that this ‘fear factor’ that is driving the demand in cyber is entirely justified, citing significant breaches in 2016 and in the years prior, as well as notification laws in place in the US and similar laws that are coming into effect in the UK and Europe.
He suggested this started in 2013 with the breach of US discount store retailer Target in 2013, which exposed the debit and credit card accounts of approximately 40 million customers.
Since then there have been many others including the Sony breach in 2014, the Anthem medical data breach in 2015, and the more recent alleged hacking of the Democratic National Committee during the US presidential election.
Stransky said: “You hear about these breaches all the times, and there are so many more breaches that don't make the news. AIR has a database of historical breaches, which sits at around 23,000. If you're on the news maybe you hear about 10 to 20 breaches in the year, but there are thousands.”
Perhaps what is scarier to the insurance industry, in Stransky’s opinion, are the new types of breaches that are being seen, such as the recent breach of Dyn, an internet performance management company which offers domain registration and other services, in October 2016.
“When Dyn went down in October, it didn't go down for the very long. So because of deductibles and waiting periods it probably didn't cost the insurance industry very much, but it got people thinking,” he continued.
“They were thinking 'well how many companies in my book actually rely on Dyn to host or run DNS for their website?' and the answers the came up with is 'we don't know' and that was a very scary thought.”
Stransky believes that in terms of cyber, non-physical business interruption is where the 'disaster' is going to happen.
He continued: “When Target got breached, that was really bad for Target, but it wasn't necessarily so bad for other companies. So if you're an insurance company and you were writing Target, you suffered a loss. But with the Dyn breach, if Dyn goes down for a day or two or five, you're going to suffer claims on multiple companies at once, and that's where the disaster is going to happen.”
With new breaches almost inevitable in 2017, along with new data laws being put in place, there has been a rise in insurance companies increasing their cyber book, and also modelling for cyber, calculating the potential losses from an exposure.
Beale concluded: “Insurance can play a critical role in helping businesses in this environment, not just in terms of cover for any financial losses, but for the support regarding meeting regulatory obligations and dealing with potential operational and reputational fall-outs.
“Our research has shown that cyber risk increasingly sits at the most senior level of business, and although the UK and Europe are still lagging behind the US in terms of take up of cyber coverage, the Lloyd’s market has seen a threefold increase on cyber business over the past two years, and we expect it to continue to grow in 2017.”
Cyber, Lloyd's, AIR, Inga Beale, Scott Stransky, UK, Europe, North America