Companies worldwide are becoming increasingly concerned about cyber risks, which have quickly risen to the top of the list of global business dangers in less than five years. One smart move that can assist in defending the company from losses brought on by a cyber incident is cyber insurance.
Cyber insurance is a type of insurance used to safeguard businesses from losses like data loss, theft, extortion, hacking, denial of service attacks, failure to protect data and defamation. It also offers additional benefits like recurring security audits, post-incident public relations and investigative costs, and criminal reward funds.
Cyber insurance also increases cyber security by encouraging the adoption of best practices. Insurers will require security as a precondition of coverage, and companies adopting better security practices often receive lower insurance rates. This helps companies internalize both the benefits of good security and the costs of poor security, leading to greater investment and improvements in cyber security.
Despite the benefits, several factors will likely reduce the demand and willingness to pay for cyber insurance coverage. It includes a lack of awareness of potential losses from cyber risk, misunderstandings about the need for coverage, and a potential mismatch between the coverage offered and what companies seek.
Lack of awareness of potential cyber losses
While cyber risk has often been identified as an underestimated risk, there appears to be a gap in awareness of cyber risk and estimates of potential losses, which would normally be a prerequisite to any decision on the purchase of insurance coverage. According to a survey by Advisen, 73% of insurance broker respondents, insureds’ lack of understanding about the potential financial impact of cyber incidents was the biggest impediment to purchase.
It might also play a role in the relatively low number of businesses that decide whether to invest in securities and determine the sufficiency of their insurance coverage using return-on-investment analysis. Many businesses base their insurance purchase decisions on industry benchmarking (i.e., how much insurance has my competitor purchased?) rather than analyzing their actual needs due to a lack of understanding of financial exposure.
Misunderstandings about coverage
There are many misconceptions about insurance coverage for cyber risk, which start with a lack of knowledge about the existence of particular coverage for cyber risks. For instance, a survey of European businesses revealed that 50% of the companies lacked knowledge of cyber coverage for breaches of data confidentiality. As well as difficulties in comprehending the specific conditions and coverage limitations in various cyber insurance policies, there are serious misconceptions about the extent of coverage offered by traditional policies for cyber risks.
The types of coverage, exclusions, and conditions that apply in various standalone cyber insurance policies vary significantly, and the language of the policies changes quickly in response to claims experience, legal interpretations, and business imperatives. The specific terms and conditions of standalone cyber insurance policies also vary in several ways. Brokers, who are essential in assisting businesses in understanding the coverage being offered, have expressed frustration with the lack of consistency among policy offerings and the challenge of comparing offers without carefully examining terms and conditions in several surveys. As a result, some brokers reportedly cut back on the companies they work with to provide cyber insurance, which could impact the market’s competitiveness.
Coverage that is not suited to the needs of policyholders
The assumption that the products on offer do not sufficiently cover the most significant costs resulting from a cyber incident is a third barrier to purchasing cyber insurance coverage. In a survey of UK businesses, 77% of those who responded indicated that their coverage needs were only partially (or not at all) met by insurance coverage for cyber incidents. According to a global survey of businesses, inadequate coverage compared to exposure was a major factor in 36% of respondents’ decisions not to buy cyber insurance.