In Vegas, there are no sure bets. The global cyber insurance industry, however, comes close when you’re talking about expansion and growth.
According to MarketsandMarkets research, the global cyber insurance market is set to grow from $11.9 billion in 2022 to $29.2 billion by 2027. Reasons include more sophisticated cyber-attacks, increasing potential of financial losses and more complex regulatory compliance. Some areas of business are more vulnerable than others. Industries topping the list with the most cyber insurance claims include manufacturing, financial services and healthcare, plus all highly regulated industries. Cyber-attacks are on the rise with ransomware increasing by 93% in 2021.
As demand increases so too will new questions like: how do you price cyber risk? What do you cover? What do you not cover?
On this point, we turn to Swiss Re, a reinsurance company based in Zurich, Switzerland. According to its research arm, the Swiss Re Institute, “reported cyberattack incidents have grown five-fold since 2016, with monetary estimates of global losses around $945 billion.”
It makes sense.
While the need arises, reinsurance and insurance markets have limited capacity and systemic risk potential when it comes to cyber insurance. According to Swiss Re’s research, cyber insurance falls short of meeting the characteristics of insurability we are familiar with today.
This does not mean; however, insurers have no role in helping businesses protect against cyber risks. Demand is high as both our lives in the digital world and the threat landscape expands exponentially. In its research, Swiss Re experts found the cyber insurance market has reached $10 billion in 2021 (a 30% growth since 2017). Brokers are finding claims skyrocketing with premiums rising right alongside heightened demand. Swiss Re predicts the market to grow to $23 billion by 2025, further confirming the research mentioned earlier.
In his blog, “Cyber Resilience – A Vital Concept in Today’s World,” Swiss Re Chairman of the Board of Directors Sergio Ermotti points out the two-edged sword accompanying digital risks: there will never be 100% security so the mandate is to both protect and be prepared for a cyber event. I agree with his point that insurance is only one part of the solution.
As cyber insurance solutions grow alongside rising risk, Swiss Re is pioneering the building blocks of cyber insurance by re-examining underwriting procedures, enhancing underwriting requirements and pricing for cyber exposures in property and liability policies, clarifying vague terms and conditions, and better defining limits in cyber policies. Separating pricing for attritional losses from potential catastrophic events is an additional improvement the company feels will add transparency and capacity to the market.
We all know what car coverage we have (even if the print is sometimes small!). The first automobile policy came out in 1897, giving auto insurance more than a century of maturity. Cyber insurance is in its infancy. How should coverage be defined? Possibilities include:
Costs associated with a data breach, virus, cyber-attack
Network virus or other cyber-attacks, privacy events and network security breaches
Network business interruption
Reimbursable expenses such as investigation
Lawsuits and extortion
Costs associated with privacy and notification
I also believe we all have a great deal of say in how this plays out too. Things we can be doing include:
Reframing and being realistic about how we perceive risk now and in the future
Becoming educated on cyber hygiene
Taking an active role to standardize risk with a common language
Understanding disclosure requirements
Developing strategic cloud capabilities
Swiss Re helps us “see” the threat landscape with its digital trust pyramid, inspiring us to standardize digital trust and risk – from access to the internet all the way up to human interaction.
As data within the insurance industry increases, the digital trust pyramid amplifies my core belief that real growth lies at the crossroad of humanity and technology.
Swiss Re's commercial insurance arm Corporate Solutions (Corso) has a solution that addresses the unique risk factors for organizations between 10 and 250 employees called CyberSolutions 360o insurance coverage. In partnership with OZON's integrated cyber protection services, it is both a cyber service and cyber insurance.
This dual approach underscores Ermotti’s points that protection includes being prepared for cyberattacks.
What brought us to this point will not bring us forward. Cybersecurity is a moving target; it is, in a sense, elusive. We learned an important lesson from the pandemic: make no assumptions because the unimaginative might be right around the corner. This is true for people in a connected world yet unfolding.
As Swiss Re advances the societal benefits of digitalization, I will be on the edge of my seat to see how businesses regard cyber resiliency as a business priority.
In a digital-first world, how do you think modernized cyber underwriting will turn risk into resilience?
Helen Yu is a Global Top 20 thought leader in 10 categories, including digital transformation, artificial intelligence, cloud computing, cybersecurity, internet of things and marketing. She is a Board Director, Fortune 500 Advisor, WSJ Best Selling & Award Winning Author, Keynote Speaker, Top 50 Women in Tech and IBM Top 10 Global Thought Leader in Digital Transformation. She is also the Founder & CEO of Tigon Advisory, a CXO-as-a-Service growth accelerator, which multiplies growth opportunities from startups to large enterprises. Helen collaborated with prestigious organizations including Intel, VMware, Salesforce, Cisco, Qualcomm, AT&T, IBM, Microsoft and Vodafone. She is also the author of Ascend Your Start-Up.