Cyber Insurance Risk potential for Las Vegas businesses
By: Leigh Thomas & Jim Finkle (Insurance Journal) July 2014
Insurers are eagerly eyeing exponential growth in the tiny cyber coverage market but their lack of experience and skills handling hackers and data breaches may keep their ambitions in check.
High profile cases of hackers seizing sensitive customer data from companies, such as U.S. retailer Target Corp. or e-commerce company eBay Inc., have executives checking their insurance policies.
Increasingly, corporate risk managers are seeing insurance against cyber crime as necessary budget spending rather than just nice to have.
The insurance broking arm of Marsh & McLennan Companies estimates the U.S cyber insurance market was worth $1 billion last year in gross written premiums and could reach as much as $2 billion this year. The European market is currently a fraction of that, at around $150 million, but is growing by 50 to 100 percent annually, according to Marsh.
Those numbers represent a sliver of the overall insurance market, which is growing at a far more sluggish rate. Premiums are set to grow only 2.8 percent this year in inflation-adjusted terms, according to Munich Re, the world’s biggest reinsurer.
The European cyber coverage market could get a big boost from draft EU data protection rules in the works that would force companies to disclose breaches of customer data to them.
“Companies have become aware that the risk of being hacked is unavoidable,” said Andreas Schlayer, responsible for cyber risk insurance at Munich Re. “People are now more aware that hackers can attack and do great damage to central infrastructure, for example in the energy sector.”
Insurers, which have more experience handling risks like hurricanes and fires, are now rushing to gain expertise in cyber technology.
“It is a difficult risk to price by traditional insurance methods as there currently is not statistically significant actuarial data available,” said Robert Parisi, head of cyber products at insurance brokers Marsh.
Andrew Braunbergon, research director at U.S. cybersecurity advisory company NSS Labs, said that some energy companies have trouble persuading insurers to provide them with cyber coverage as the industry is vulnerable to hacking attacks that could trigger disasters like an explosion in a worst-case scenario.
Pricing on policies for retailers has climbed in the wake of recent high-profile breaches at Target, Neiman Marcus, and other merchants, he added.
A NECESSARY COST
Though still very much in its infancy, the market’s potential is vast with cyber crime costing the global economy about $445 billion every year, according to an estimate last month from the Washington-based Center for Strategic and International Studies.
While many companies have in the past counted on their general commercial liability policies for coverage, they are increasingly taking out standalone contracts.
One reason for the change in attitude is a New York state court ruling in February against Sony Corp. The company, which has appealed the decision, had sought to force providers of its general commercial liability insurance to foot the bill for class action lawsuits following a major 2011 cyber attack on Sony PlayStation Network.
“This issue with Sony is that it did not have a standalone cyber product,” said Peter Beshar, general counsel at the Marsh & McLennan Companies.
Target was better protected when some 40 million payment card numbers were stolen last year. It had $100 million in cyber insurance, according to the trade publication Business Insurance.
With low interest rates limiting revenues from insurers’ vast bond portfolios, the extra underwriting income from the fast growing new market is all the more welcome.
The cost of cyber insurance varies depending, but on average $1 million in protection ranges from about $20,000 to $25,000, according to Beshar.
German insurance giant Allianz says its premiums for 10-50 million euros in protection run about 50,000-90,000 euros in annual premiums. For protection of over 50 million euros, companies can get coverage up to 300 million euros through co-insurance policies involving multiple underwriters.
Whether insurers are offering coverage at prices commensurate with the risks is anyone’s guess as long as underwriters have scant experience with hackers.
GROWING PAINS
AXA, Europe’s second biggest insurer, is making a big push into the cyber insurance market, but has so far not paid out a single business claim.
“I would like to see a successful claim, because that would be an experience,” said Philippe Derieux, deputy CEO of AXA’s global property and causality business.
AXA is hiring computer experts and engineers to build up a centralized cyber team, but Derieux said there is a shortage of qualified talent.
“It is hard for insurers and brokers to find people able to handle the product,” Munich Re’s Schlayer said.
That lack of expertise means insurers are failing to identify high-risk clients, because they are not undertaking sufficiently rigorous security evaluations before writing cyber policies, said Bryan Rose, managing director with Stroz Friedberg, a firm that investigates cyber attacks.
This leaves the insurers vulnerable to underpricing their policies.
They often simply ask clients to fill out limited questionnaires that asking whether they have proper security procedures in place, rather than conducting thorough security audits, Rose said.
“There’s a real risk that insurance companies are not appropriately pricing the risk,” Rose said.
Categories
- Benefits Resources
- Bonding
- BOP
- Business Insurance
- Commercial Auto
- Commercial Property
- Company News
- Construction
- Crime Insurance
- Cyber Insurance
- Directors & Officers
- Employee Benefits
- Employment Practice Liability Insurance
- Entertainment
- General Liability
- Health Insurance
- Healthcare
- Healthcare Reform
- Homeowners Insurance
- Hospitality
- Manufacturing
- Medical Malpractice
- Mining & Energy
- Nightclubs
- Personal Auto
- Personal Insurance
- Professional
- Restaurants
- Retail & Wholesale
- Risk Management Resources
- Safety Topics
- SBA Bonds
- Security
- Seminars
- Technology
- Tourism
- Transportation
- Uncategorized
- Workers Compensation
Archives
- May 2021
- November 2020
- October 2020
- September 2020
- August 2020
- July 2020
- June 2020
- May 2020
- November 2018
- September 2018
- August 2018
- May 2018
- April 2018
- March 2018
- February 2018
- January 2018
- December 2017
- November 2017
- October 2017
- September 2017
- August 2017
- July 2017
- June 2017
- May 2017
- April 2017
- March 2017
- February 2017
- January 2017
- October 2016
- September 2016
- August 2016
- July 2016
- June 2016
- May 2016
- April 2016
- March 2016
- February 2016
- January 2016
- December 2015
- November 2015
- October 2015
- September 2015
- August 2015
- July 2015
- June 2015
- May 2015
- April 2015
- March 2015
- February 2015
- January 2015
- December 2014
- November 2014
- October 2014
- September 2014
- August 2014
- July 2014
- June 2014
- May 2014
- April 2014
- March 2014
- February 2014
- January 2014
- December 2013
- November 2013
- October 2013
- September 2013
- August 2013
- July 2013
- June 2013
- February 2013
- November 2011
- October 2011
- September 2011
- July 2011
- June 2011
- March 2011
- November 2010
- October 2010
- September 2010
- April 2010
- February 2010
- November 2009
- October 2009
- November 2008
- August 2008