The market capacity for cyber insurance is not large enough to adequately cover the risk,
AIG CEO Peter Hancock said Thursday.
Speaking at an event at New York University, Hancock told listeners that the amount of cyber liability coverage currently being offered by insurance carriers will only cover a fraction of the damages that occur during and after a data breach.
“The largest coverage I’m aware of is for a bank that has about $400 million in coverage which is very small when you think about it,” said Hancock. “When you compare it to the amount of capacity that’s available for a complex chemical plant, refinery, offshore oil platform, the numbers are much, much higher.”
It’s hard to argue against the point considering the 2013 Target data breach cost the company $252 million in expenses, only $90 million of which was covered by the company’s cyber policy. That left Target responsible for $162 million—more than 64% of the cost.
Technically, the largest policy currently available on the market offers coverage limits of up to $500 million, according to Robert Parisi, cyber product leader for
Marsh. Parisi told the
Wall Street Journal that in general, large cyber insurance policies are only written for about $100 million to $200 million.
Jack Elliott-Frey, a broker with Safeonline LLP, believes the current lack of capacity is directly linked to the fact that the majority of businesses are still unaware of or unconcerned with cyber risk
"There is a clear picture being painted here: businesses are unaware of the cyber threat, which leads to low demand for cyber insurance, with insurers offering generalized, inadequate policies for the small number of businesses that are requesting them," said Elliott-Frey.
He added that underwriters also have a habit of "follow[ing] the actions of others," particularly in an emerging market such as cyber, which is still being offered only by a small pool of insurers.
The lack of capacity is especially seen in the retail, healthcare and education industries, as well as in the public sector.
Brokers may have reason to be hopeful, however. Cyber insurance is one of the fastest growing products in both the standard and excess and surplus markets, and Marsh believes the amount of coverage available for cyber policies will increase over time—and likely quickly.
Hancock, too, supports this view.
“The willingness of insurers and by others in the industry to provide greater capacity will increase with greater comfort in the maturity of the countermeasures,” Hancock said at the New York University event.
You may also be interested in: "Cybercrimes are on the rise - why aren't SMEs covered?"
"Another health insurer hacked; 11mn at risk"
"BLOG: What they don't tell you about PCI compliance"
