Cyber doom signalled for small fry insurers?

by Maryvonne Gray 08 May 2015

Cyber doom signalled for small fry insurers?

After hearing that the estimated annual cost of cyber risk losses globally is equivalent to the GDP of the 27th largest country in the world, attendees at this year’s ANZIIF liability conference in Auckland were left asking how insurance companies could make any money from the line?

The presentation, by DAC Beachcroft’s Mark Anderson and AIG’s NZ PI and Cyber manager Andrew Beven, had revealed that cyber crime was a US$100 billion dollar problem in the USA and represented NZ$500 million of economic losses in New Zealand. The global figure was put between US$375-575 billion.

Anderson told the conference the average claim payout was US$733,109 but for a large company the average was US$2.9 million and in the healthcare sector it was US$1.3 million.

After the presentation, one attendee asked: “Those are scary claims figures – is it possible to make any money?”

Andrew Beven replied with a question: “Will it be the downfall of an insurance company? We’ll have to wait and see!”

Mark Anderson said: "ACE, XL, AIG Beazley, Zurich all have presence across the global market and have committed a large amount of resource to understanding the risk. That is the basis for the Net Diligence reports that I used in my presentation. Any other players in the market will need to be careful in understanding those costs and risks."

But he admitted, when pressed further by the questioner: “There will need to be some premium there, absolutely.”

The sobering admission follows a recent Fitch report which warned that growing cyber threats could pose a credit risk to Fitch’s rated insurance companies entering the market.

It also coincided with the release last week of a KPMG survey of senior information security professionals, whose organisations are members of KPMG’s International Information Integrity Institute (I-4), on cyber insurance products.

The survey found that the most common reason for not purchasing a cyber insurance policy was the belief that insurers would not actually pay out on a claim.

It found 74% of those surveyed stated their businesses had no cyber insurance in place.

This was despite 79% believing that cyber security threats are likely to increase over the next 12 months, and three quarters (74%) perceiving organised crime and state sponsored activity posed the biggest threat.

For those whose businesses had purchased cyber insurance, 48% thought their policies might not pay out if they need it.

Mark Waghorne, head of KPMG’s I-4, said: “It is worrying to see that so many businesses would rather risk having no insurance in place to protect themselves against a threat they believe is very real.

“It is also disappointing that cyber insurance is viewed as providing little comfort to those who have it, as almost half do not believe they would be compensated properly if push came to shove.”

Waghorne said there was a belief that the market for cyber insurance did not appear to be sufficiently mature yet.

“Insurers will need to deliver more comprehensive packages in order to convince the business community that they can and will protect against losses on cybercrime.”

He added that discussions during a later debate at the most recent I-4 Forum showed the availability of focused cyber related insurance had much improved during the past year with evidence that carriers had paid out.

“This indicates that organisations which have avoided cyber insurance in the past should perhaps revisit their positions,” he said.