The cyber risk insurance market for Canada is yet to take off, but it won't be too far behind the US as demand for cyber risk insurance in Canada is set to increase due to the high costs of a data breach.
The US is currently leading the pack in terms of market size for cyber risk insurance, product development as well as legislation related to data security and privacy laws. A key contributing factor to this is that the cost of a data breach is highest in the US.
Marsh, one of the biggest providers of cyber insurance products in the US, said recently that it experienced a 32% rise in the purchases of standalone cyber insurance policies in 2014, whereas in Canada, the market for cyber risk insurance was stable in 2014.
But Joel Dudley, financial services analyst at research house Timetric told
Insurance Business the Canadian market is yet to develop “as there is a lack of expertise to quantify cyber exposures and collect more secure data from the prospective clients.”
Dudely nevertheless said the Canadian market will develop because at present the average cost of a data breach in Canada is higher than in other markets such as the UK, France, Italy and Japan.
Earlier this year, another researcher, the Ponemon Institute, carried out the first Canadian study of its kind, which found that the average consolidated total cost of a data breach in Canada was $5.32 million.
The average cost per lost or stolen record was $250, with the highest contribution from detection and escalation costs at $91, followed by lost business ($84) and ex-post response ($67), the study found.
According to Ponemon, the following actions “appear to reduce data breach costs for Canadian companies: having an incident response plan in place, extensive use of encryption, employee training, board-level involvement, the appointment of a CISO with enterprise-wide responsibility, and the involvement of business continuity management in the remediation of the breach and insurance protection.”
The cyber risk sector's most developed market, the US, accounts for approximately 90% of global premium in the cyber insurance market – valued at US$2 billion in gross written premiums in 2014 and estimated to reach US$2.75 billion in 2015.
What Dudley and Timetric are seeing is that insurers in the US are increasingly collaborating with cyber security specialists to make a stronger case for cyber risk insurance. For instance,
Munich Re collaborated with Hewlett Packard, and
Swiss Re formed a partnership with IBM.
“Cyber risk management requires an optimal balance between IT security measures and transfer of risk as an insurance solution for cyber risk. Insurers’ core competency lies in pricing and underwriting risk, while cyber security experts are specialized in using technology that deals with cyber vulnerabilities,” said Dudley.
Regulation also plays a key role. Data breach notification requirements in 47 states have been one of the most important drivers for the growth of the cyber insurance market in the US.