The most rapid premium growth by 2021 will come from cyber cover, according to recent forecasts from Aon Inpoint after the data, analytics, engagement, and consulting team examined insurance take-up rates by corporate, public sector, and not-for-profit organizations between 2013 and 2017. Over that time, the annual growth in cyber premiums was 23%, while worldwide premiums are set to be worth US$4 billion by 2021.
It’s not just Fortune 500 companies that are driving the growth, but also smaller businesses that are realizing the value of cyber insurance, said one expert.
“That’s been the trend for the last several years – cyber relative to other more traditional lines of coverage is the most rapidly growing,” said Tim Francis (pictured), enterprise lead for cyber insurance at Travelers. “Relative to traditional coverage, there are still a lot of brand new buyers. In fact, most of our customers, those particularly in the small or mid-size segments, are first-time buyers, so I see that trend very much likely to continue for the foreseeable future.”
It takes some convincing for risk managers from some of these smaller businesses to see the value of cyber insurance, especially since it’s the big hacks of public infrastructure or industry giants that often make the news.
“There’s still a little bit of, ‘that’s a phenomenon that happens to very large companies’ – retailers, hospitality, healthcare, and if you’re not in the space or you’re a certain size and under, you’ve maybe not fully appreciated the magnitude that a cyber event can have, coupled with just a general lack of awareness of the value proposition of what cyber insurance does,” explained Francis.
Data breaches and ransomware, and the ripple effects of business interruption and reputational harm from a cyberattack are not limited to companies that hold a lot of personally identifiable information or credit card numbers any more. If you are running a business and using computers or any technology, you’re exposed, Francis told Corporate Risk and Insurance. If your system stops working and you can’t make widgets, that’s a negative outcome with potentially far-reaching implications for a business.
As with other lines of insurance, those that do buy cyber coverage often only understand the value of it after they’ve had experiences with a cyber incident, said Francis.
“As far as the take-up rate of those that are just buying, it’s a combination – it’s either they’ve had an event or they’re aware of somebody else that kind of looks like them – same industry, maybe in the same town,” he explained, adding that more likely than not, they’re also sitting down and talking to their insurance agents about all the other coverages they buy, and that agent is helping the customer identify the threat, see the value of insurance and understand that there are options scaled for their needs, even if they’re small and mid-size.
While putting in place cybersecurity measures, which are already evolving at a rapid pace, can set-up a company for success, insurance fits well into a holistic approach where a company hopes for the best, but is prepared for the worst.
“It’s having the ability to be resilient if it happens – have an incident response plan, have access to professionals that do the forensics investigation, a breach coach remediation [that] can pay a bitcoin ransom if such a thing is necessary – and if they don’t have those services, they can access those professionals that we have on retainer to provide those services,” said Francis. “Certainly a small company doesn’t have the resources, nor should they, to apply the same amount of talent and money at the problem as a Fortune 100 company, but you have to do the best you can for who you are. Understand how your peers operate – what’s the best practice for a company that looks like you in your industry, or is your size.”