Cyber Crime Drives Up The Cost Of Insurance

For companies and organisations, an attack by hackers can inflict financial losses, corporate embarrassment and legal action. For insurers jumping into the brave new world of cyber-crime insurance, it’s free marketing for what could be a $10 billion opportunity.

High-profile computer breaches like the hack of the Democratic National Committee and the Twitter Swastika Hack are reinforcing the need for protection against cyber threats, and companies such as Allianz SE and Beazley Plc are eager to step in.

Insurers see coverage against hackers as one of their most promising markets, estimating that premiums will triple over the next four years.

“We are optimistic that it can develop into Allianz’s and the industry’s next blockbuster,” Hartmut Mai, chief underwriting officer for corporate lines at Allianz’s industrial insurance arm, said in an interview. “Cyber insurance is our key growth area at the moment.”

A new breed of coverage couldn’t come at a better time for insurers, which are struggling to expand in most of their established markets amid slow economic growth and low catastrophe claims that weigh on prices. Insurance premium income stagnated in Europe last year and is expected to grow 1.3 percent next year, according to reinsurer Munich Re. The company estimates that cyber insurance premiums could rise to between $8.5 billion and $10 billion by 2020 from about $3.4 billion currently.

A further boost to demand may come from rules to be introduced next year by the European Union that will require companies to report cyber breaches to regulators and affected individuals.

Allianz currently writes a double-digit million-euro amount of cyber insurance premiums and recorded 28 percent growth last year, according to Mai. He said the product may evolve into an industry bestseller comparable to directors-and-officers liability insurance, which became a top offering during the last decade and now accounts for about 10 billion euros ($11 billion) in global premiums.

Boardroom Issue
“Cyber risk has become a boardroom issue over the past years, following some high profile hacker attacks,” Paul Bantick, head of cyber insurance at Beazley, said in an interview. “We haven’t seen the big breaches at the retailers such as in 2015 or the large health-care breaches that occurred in 2016. Yet, there’s still a high frequency of smaller losses.”

Cyberattacks involving ransomware -- in which criminals use malicious software to encrypt a user’s data and then extort money to unencrypt it, increased 50 percent in 2016, according to a report from Verizon Communications Inc. Criminals increasingly shifted from going after individual consumers to attacking vulnerable organisations and businesses, the report said.

Government organisations were the most frequent target of these ransomware attacks, followed by health-care businesses and financial services, according to data from security company McAfee Inc., which partnered with Verizon on the report.
While companies have had decades, and in some cases centuries, to work out the risks of fire, natural catastrophes and physical theft, cyber-crime is relatively recent, with new and more sophisticated schemes being developed every year. With damages on the rise, the biggest challenge for insurers is to set the right price and limits for their coverage. One in four medium-sized businesses in Germany have suffered a loss from a hacker attack, according to a survey published March 28 by Germany’s GDV insurance lobby group. 
“For insurers to stay relevant in an ever more technology-driven business environment, they need to embrace the opportunity while properly managing the risks,” Thomas Seidl, an analyst at Sanford C. Bernstein in London, said in a note to clients on April 24.

Like Munich Re and Allianz, Beazley also sees rapid growth in cyber insurance. The Lloyd’s of London insurer partners with Munich Re to provide the product and it’s running the book at a profit. To make sure that continues, insurers are careful not to take overly large risks in the nascent market.
“We limit our coverage to $100 million per client, of which both Munich Re and Beazley take $50 million,” Beazley’s Bantick said. “In bigger programs, the $100 million is just a first part, with others providing additional coverage.”

The scope of cyber insurance varies from one provider to the other. Typically, it protects against data and network security breaches and associated losses, and insurers limit their capacity to between $5 million and $100 million per client.
A customer fact sheet prepared by insurer Chubb Ltd., which counts the U.S. as its largest market, described a claim where hackers gained access to a school district’s network to steal names, addresses and account information from 20,000 past and present faculty and students. 

Compensation included settlements from compromised individuals, costs of responding to a regulatory investigation and public relations fees. Other cases included a data center for an online retailer that was forced to shut down temporarily and a car components maker whose system was encrypted to extort ransom.

A recent study by risk modeler Risk Management Solutions Inc. found that “if all U.S. businesses had cyber insurance, over $5 billion a year would be lost to the insurance industry from cyber data exfiltration alone. Data breaches are the leading cause of cyber insurance loss.”

Global Event
One concern is that a global cyber event such as a devastating virus spreading from Asia to Europe and the U.S. or a global cloud computing provider breaking down could affect a large number of companies covered by one insurer.
“A hurricane with a probability of happening once in 25 years could cost us as much as $150 million and the whole industry about $30 billion,” said Hiscox CEO Bronek Masojada in an interview. “Due to the lack of history, the question with cyber is whether a $30 billion loss happens once in 25 years or once in 100 years. The most important question is whether we will be alive after it.”

In terms of growth, “cyber is by far the most important part” of the business at Hiscox right now, he said. The London-based insurer will write more than $100 million in cyber premiums this year at a growth rate of 20 percent to 30 percent, Masojada estimated. 

Cyber insurance premiums at Beazley already exceed $400 million, excluding broker commissions, Bantick said. Munich Re’s premium income from the product rose to $263 million last year from $191 million in 2015. The Munich-based reinsurer aims to keep a market share of 8 percent to 10 percent going forward, reinsurance head Torsten Jeworrek said. 

Europe Awakes
Beazley’s Bantick says his company is “starting to see shoots of demand in Europe, Latin America and Asia.” Allianz’s Mai agrees, adding that he sees last year’s strong growth rates as “the product’s final breakthrough in Europe.”
Prices are on the rise as well. In the US, cyber-liability rates climbed for the 10th consecutive quarter at the end of last year while rates continued to decline in most other global insurance lines, according to a report by broker Marsh & McLennan Cos.
“While there are a lot of companies buying cyber coverage, most of them are data-breach driven,” Beazley’s Bantick said. “But clients are looking for large, holistic cyber programs that cover whatever happens from data breach to property damage and business interruption.”

Leoni AG’s experience is a lesson in the complexity of cyber risks. The German cable manufacturer lost 40 million euros last year when fraudsters used fake electronic communication to trick an executive into transferring the cash to foreign accounts. In the end Leoni got about 5 million euros from fidelity insurance it had. Even though the company had sufficient cyber insurance in place, it didn’t apply because the fraudsters didn’t hack the company’s systems.

Bloomberg:

You Might Also Read:

Company Lost $44m Through One Email Fraud:

Hackers Steal $50 Million From Leading Aviation Design Company:

Systemic Cyber Attacks Most Likely In Finance & Energy Industries:

Cyber Should Be Standalone Insurance:

 

 

« Industrial Robots Are A Security Weak Link
Trump Signs Cybersecurity Order »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Tripwire

Tripwire

Tripwire are a leading provider of risk-based security, compliance and vulnerability management solutions.

WizNucleus

WizNucleus

WizNucleus develops, markets and supports a software platform (Cyberwiz-Pro) that enables Critical Infrastructure enterprises to ensure the future state of their cybersecurity and remain compliant.

Assured Enterprises

Assured Enterprises

Assured Enterprises provides comprehensive cyber risk identification, management and mitigation across all platforms.

Cybersecurity Competence Center (C3)

Cybersecurity Competence Center (C3)

The Cybersecurity Competence Center was created to further strengthen the Luxembourg economy in the field of cybersecurity.

IUCC Cyber Unit - Israel

IUCC Cyber Unit - Israel

IUCC Cyber Unit safeguards Israel’s National Research & Education Network (NREN).

OpSec Security

OpSec Security

OpSec Online is the only brand protection solution that spans all channels so your brands are protected no matter what digital venue the criminals target.

Optimum Speciality Risks

Optimum Speciality Risks

Optimum Speciality Risks are an experienced team of cyber insurance experts, backed by Lloyds of London.

N8 Identity

N8 Identity

N8 Identity helps organizations realize the vision of Autonomous Identity Governance™ with AI-driven Identity solutions.

Zercurity

Zercurity

Zercurity is on a mission to build the ultimate cybersecurity operations platform for businesses. To help protect against a growing number of internal and external threats.

Sertainty

Sertainty

Sertainty enables developers to mix intelligence into data files for active risk mitigation and data control. Discover the impact of Data: Empowered.

Kinetic Investments

Kinetic Investments

Kinetic Investments is a venture capital firm dedicated to early-stage companies that are transforming the digital landscape.

Qohash

Qohash

With a focus on data security, Qohash supports security, compliance and optimization use cases enhancing your risk management process.

Cenobe Cyber Security

Cenobe Cyber Security

Cenobe provides customized solutions to keep you ahead of potential threats and ensure the security of your organization's systems and data.

Sweet Security

Sweet Security

Sweet Security delivers Runtime Attack Security for Cloud Workloads.

SecureFlag

SecureFlag

SecureFlag is dedicated to enhancing secure coding across all technical profiles within the Software Development Lifecycle.

Intraframe US

Intraframe US

Intraframe US is a cybersecurity company in Memphis, specializing in Digital Forensics Incident Response and Managed IT services. We provide SMBs with a 24/7 SOC for proactive Cyber Threat Management.