Insurance is about more than just risk transfer

Insurance is about more than just risk transfer | Insurance Business

Insurance is about more than just risk transfer
Many people downplay insurance as no more than a contracted risk transfer mechanism – but its value is much greater than that. The services that accompany and enhance insurance risk transfer add immense worth to insurance policies.

Cyber insurance is one sector with integral value-added services. Responding to a cyber event like ransomware or a data breach requires more than just risk transfer. Companies of all sizes need breach preparation plans, breach response teams and forensic cyber specialists to assist in the event of a cyberattack.
The cyber insurance market in Canada is “extremely healthy,” according to Ben Hunter, managing director, middle market at Travelers Canada. There are dozens of companies offering cyber insurance products and many insurance brokers specializing in the sector.

Search and compare product listings for Cyber Insurance from specialty market providers here

“Cyber insurance in Canada is active and thriving, but there is still lots of room for opportunity and improvement in Canada,” Hunter told Insurance Business. “Brokers and insurers have a job to do when it comes to increasing the awareness of cyber exposures and the cyber insurance products that can address those exposures.

“It’s not just large companies that are being hit by cyber attacks and cyber exposures. It’s incumbent upon the industry to educate the small and medium-sized enterprises about their cyber risk. Small and medium enterprises are the ones that really benefit from the value-added services (the breach coaches and forensic analysts) that come with a cyber insurance policy. Our job is to make them aware of that value.”

Cyber attacks are changing in nature as cyber criminals become more sophisticated. No matter how strong a company’s cybersecurity system is, nothing is ever completely secure or foolproof, said Tim Francis, enterprise lead for cyber insurance at Travelers.

“Companies need to understand that cyber events can still take place despite security measures and risk transfer systems – and when they do, they could be financially catastrophic,” Francis said. “Most companies tend to appreciate the value of insurance but they aren’t always aware of the range of products available in the market and that products can be tailored to fit the individual needs of a company. On top of that, brokers need to make sure their clients understand the continuum of the value proposition within cyber insurance solutions more broadly.”

Major media attention has boosted awareness of cybersecurity needs in Canada – but a focus on “catastrophic and dire” cyber events means that companies sometimes get lost in the mundane, according to Francis. Companies sometimes fail to recognize how an event might impact them, but a good education campaign by the insurance industry can fix that problem.

Another issue that is likely to drive cyber insurance uptake in Canada are changes to the Canadian Privacy Law. Hunter commented: “In June 2015, Canada passed into law Bill S-4, the Digital Privacy Act, which made a number of amendments to the Personal Information and Electronics Document Act. That Act will now include mandatory requirements for organizations to give notice to affected individuals in certain circumstances.

“Currently in Canada, notification is voluntary in most provinces. So, with that mandatory legal notification requirement, companies will want to have a plan in place to notify affected customers and they will want an insurance policy that includes access to a breach coach, to help with their post-breach response.”

Related stories:
Cyberattack gateway: How brokers can help
Chubb expands cyber risk management offerings in US and Canada