Cyber insurance is a fast-emerging area of insurance that came into existence quite recently with the advent of computers and the Internet. From US$2bn in gross written premiums for 2014, the size of the cyber insurance market is estimated to grow to US$5bn in 2018 and further balloon to
US$7.5bn in 2020.
A video by ratings agency AMBest detailed the development of cyber insurance since its inception in the mid-nineties. In 1995, cyber insurance was first offered as a product in the EU after the enactment of the Data Protection Directive and the establishment of data protection as a right of EU citizens. It was then offered in the US the following year. In 2003, California implemented privacy breach notice laws, and 47 out of 50 states followed suit in the succeeding years. In 2013, the EU announced its cyber security directive, imposing minimum security measures businesses need to follow. By 2014, 25-30 London markets were offering cyber insurance, and by 2015, the European Parliament and Council reach an agreement on data protection reform, which will be in effect by 2017.
Given the relative novelty of cyber insurance, Jayne Goddard, underwriter at Barbican Insurance, described it as lacking the history other areas of insurance have. Because of that, it also has the fastest-paced change among the various insurance fields.
According to Ben Walter, CEO of Hiscox USA, cyber risk is changing from a risk people try to prevent to a risk they try to manage. In other words, cyber risk is a huge part of life, given the high level of interconnection and reliance on the Internet of many businesses today. In the future, it will not be surprising if cyber insurance becomes mandatory for a wide range of businesses.
G. Richard Dodge, litigation partner at Mayer Browns Insurance Industry Group, elaborated on the coverage of cyber insurance. According to him, it covers the costs generated by taking the steps the insured must take to remediate and investigate the data breach and restore data, as well as business interruption costs, and costs that may arise from fraudulent entry of stolen data.
Finally, Fred Eslami, senior financial analyst at AMBest, offered three ways insurers can improve their cyber insurance posture.
- Draft a specific policy language for cyber insurance instead of including it under other insurance fields
- Come up with a single risk limit that the companies can tolerate in terms of their surplus
- Have a contingency reserve relevant to the cyber policy and the aforementioned single risk limit