Canadian cyber insurance industry is "stuck in the early 2000s"

Canadian cyber insurance industry is "stuck in the early 2000s" | Insurance Business Canada

Canadian cyber insurance industry is "stuck in the early 2000s"

The Canadian cyber insurance market has some room to grow when it comes to offering coverage that reflects the real cyber risks that insureds face today. To do so, insurers need to provide critical support services alongside cyber insurance policies that help policyholders deal with a cyber incident before they make a claim.

Find out more: Learn everything you need to know about Cyberscout here

Once the leader in cyber insurance, Canada has fallen behind some of its competitors, according to one expert.

“The Canadian cyber insurance industry is stuck in the early 2000s,” said Thomas Spier (pictured), commercial director for global markets at Cyberscout. “The capacity providers that are out there are rolling out and copying old US-led approaches, and there’s some very intricate, broad solutions out there influenced by Lloyd’s of London that have very low penetration rates.”

The majority of cyber insurance products that are in the Canadian market today were developed in the early 2010s, added Spier, and have not caught up to the cyber risks facing a typical household or small business today. “The market has failed to keep up with that change,” he said.

Read more: Cyber is booming, but just how good are current policies?

Since cyber insurance in Canada grew up alongside the US market, policies initially were designed to cover risks around privacy and data breach, and the loss of personal information. In turn, this created an influx of products into the market that included first party protections, which notified people that their information had been compromised, the use of call centres, and liability cover that protected companies against other ramifications, such as the involvement of government regulators or class action lawsuits.

However, most other markets around the world developed the cyber insurance product beyond this initial coverage and began chiefly distributing it as an add-on to commercial lines, package policies, business owners’ policies, or commercial combined programs, Spier told Insurance Business, which he says is “still the right place to distribute cyber insurance.”

After all, he continued, “Cyber is a fundamental risk that affects everybody. If you think about it in relation to a fire at a business premises, it’s actually more likely that you will suffer a cyber event than a fire, but you can’t buy a commercial combined package or a business owner’s policy that doesn’t cover you for fire risk.”

In some cases, cyber insurance has been bolted on as a ransomware extension to an existing endorsement, creating what Spier refers to as “Frankenstein insurance policies that are made up of sticking plaster after sticking plaster,” rather than policies that accurately reflect the actual risks that people and businesses encounter.

Read more: Cyber risk could eventually surpass insurance industry’s capacity – experts

“Conversely, you’re seeing some insurance companies move from providing this cover to everybody as standard, to forcing insureds to pay extra or buy a bolt-on endorsement,” he noted. “That doesn’t respond to the way that people’s lives, as a small business or as a private individual, are changing today – it does the reverse. You’re forcing people into more complex products, and to make decisions around whether they should insure themselves against the biggest risks that they are facing today – and that’s a fundamental mistake.”

As brokers wade through the Canadian cyber insurance marketplace, they should keep their eyes out for cyber insurers that offer cyber support services in addition to the coverage. Because policyholders typically will want to avoid making insurance claims and will attempt to use every other route possible before pursuing a claim, these services can provide that critical assistance insureds need, before having to turn to the often last resort of a claim.

A 24/7 helpline that an insured can call for expertise and advice after experiencing a cyber incident is one such service. A policyholder can use this tool however many times they need without any negative consequences for a potential future claim or policy renewal. By offering this and other types of support to insureds, policyholders gain more value from their insurance product and start to see it as something that can solve their cyber-related problems.

Cyberscout knows first-hand about the benefits of implementing cyber support services. “On the commercial lines side, 57% of the cyber events that we took in last year, we were able to solve on the phone then and there, and the insured didn’t need to engage with an insurance claims process,” said Spier. “They got the help that they needed, and they walked away happy.”

On the personal lines side, this quick resolution happened 98% of the time for Cyberscout customers, proving that having cyber support services that sit in front of the insurance claims process, and that are both broader than any insurance policy out there and are designed to respond without negative impacts on insureds are, according to Spier, “absolutely the best thing for customers.”

The Canadian cyber market should take note – focusing on providing services for cyber insureds is one way that policies can better meet their needs, and, in turn, help insurers gain higher cyber insurance penetration.

“This market is in a prime position to retake [its former] crown,” noted Spier. “It’s going to take one or two forward-looking insurance companies to push the development of cyber programs, and make sure that they get out to the masses.”