Time for insurance to reassess its approach to cyber?

Time for insurance to reassess its approach to cyber? | Insurance Business America

Time for insurance to reassess its approach to cyber?

It’s little surprise that increasing numbers of insurance companies are launching new products and entering the cyber insurance space. It’s already a massive market – with the potential to grow exponentially – and insurers know that by securing just a small share of the burgeoning space they could give a significant boost to their bottom line.

In a sense, it’s also a strange time for the cyber insurance space. Opportunities are definitely growing, but then so are risks. New players entering the arena can’t just show up and watch the money come in. Hackers are growing increasingly sophisticated in their methods and, if anything, are harder for law enforcement to prevent and catch than ever before.

The new entrants may not be doing anything revolutionary with regard policies or prevention, but they are having a definite impact in one important area: pricing.

“Generally, there has been downward pressure as more insurers come into the market,” says Jeremy Barnett, senior vice president, NAS Insurance. “We would generally consider it a pretty soft market in cyber, but so much is risk dependent: the price really depends on the type of business, the size of business and the history of the business.”

Unsurprisingly, the biggest story of the year in cyber insurance is the Equifax hack, which has been hailed as one of the worst data breaches in US history. Hackers stole the social security numbers of about 143 million US citizens by exploiting a security vulnerability in a US-based application, according to the credit reporting agency. For Barnett, such a large-scale hack should represent an opportunity for insurers in the cyber space to reassess how they’re approaching risk and what they’re doing for their clients. 

“When someone like Equifax has a breach, it certainly calls into question what level of security insurers should be assessing when underwriting,” Barnett says. “When companies with the most sophisticated security systems and networks have an incident, it means there must be a better way to evaluate the things put in place in the underwriting process.”

“With each new incident, the entire industry learns a lot about where the vulnerabilities are. When we all understand more about what happened with Equifax - and the vulnerabilities that were exploited - and what that really means, then when we can use that knowledge to advise our clients about their own possible weak spots.”