Cyberattacks are on the rise, and so are the financial losses that can follow in their wake, according to a new S&P Global Ratings report on the cyber insurance market.
With the COVID-19 pandemic driving greater digitalization and remote working, cyber vulnerabilities have intensified significantly. While the cyber insurance market is certainly growing, S&P Global Ratings emphasised that insurers lack the products needed to appropriately meet expected future demand.
The median cost of a cyberattack increased nearly sixfold worldwide between 2019 and 2020. However, only 26% of the firms have a stand-alone cyber insurance policy as most firms rely on generic insurance policies or have no cyber insurance at all, according to the Hiscox Cyber Readiness Report 2020.
S&P Global Ratings' latest cyber insurance report stated that cyber insurance is usually bundled into existing property or liability insurance policies. In some cases, the policies do not explicitly include or exclude cyber cover, giving rise to “silent cyber” losses – where insurers incur losses from cyber-related claims on policies that weren't intended to cover cyber risk.
“Even when the inclusion of cyber cover is explicit, a lack of transparency in both the policy's definition of cyber events and its terms and conditions creates uncertainty about the scope of the cover,” the report said.
S&P Global suggests that the development of stand-alone cyber insurance products, especially a stand-alone cyber line of business managed via a cyber centre of excellence, would offer more efficient and optimised control of accumulation risk.
Other benefits include improving the strategic purchase of reinsurance cover and the build-up of loss reserves; more optimised, centralised, and coordinated data collection; facilitating consistent prevention measures, efficient claims handling practices, and professional data recovery in a claims scenario; and bundling together in-house IT expertise and the internal cyber security department.
“This would have many advantages for insurers, chief among them preventing cyber-related claims accumulating across many different lines of business, as well as the difficulties in handling such claims,” the report said. “It would also allow insurers to mitigate the risk of silent cyber, as well as take a centralized and coordinated approach to data collection and research, which is vital for accurately calculating risk-adequate premiums.”