Cyber Insurance

Is cyber insurable today?

The transfer of cyber risk must be balanced between the insured and insurer

Cybersecurity risk transfer is an issue faced by the cyber insurance industry

Cyber-risk is a dynamic and unstable risk that today is poorly managed in general by public and private sector companies. Demonstrated by the frequency, complexity and severity of cyber attacks; the ability of the insurance industry to economically underwrite and mediate cyber insurance claims, and recent interventions by the US government in cyber legislation and cyber regulatory enforcement.

The enclosed paper discusses the dynamic and evolving nature of cyber-risk and its transition from an extreme loss to an expected loss event. The failure of market forces to mitigate cyber-risk and the increased involvement of governments in the creation of cyber legislation and regulatory enforcement regimes. That when combined create significant challenges for the insurance and reinsurance industry in providing suitable policies, to manage cyber-risk. Without which significant pressure will be placed on the private sector as insurance costs increase and coverage falls, eroding a traditional risk mitigation tool. As demonstrated by increased insurance loss ratios (avg. 67% 2020), increased premiums and reduced insurance coverage following the rise in ransomware attacks.

Cyber risk transfer is a difficult decision for the insurer or insured

Organisations have relied upon cyber insurance as a tool to mitigate cyber-risk at the expense of implementing appropriate cyber security controls. However the erosion of cyber insurance coverage in 2021 is likely to continue into 2022 forcing insurers, reinsurers and organisations to reconsider the way forward for cyber-risk mitigation.

Developments in US cyber legislation and regulatory enforcement are likely to force changes to corporate cybersecurity risk management and regulatory reporting from 2022, providing an opportunity for the cyber insurance industry. In this paper we discuss the opportunity for cyber insurance firms to better oversight and assure the cyber-risk of their clients, and for organisations to implement the appropriate practices to manage cyber-risk. That could be the start of equitable and economic cyber insurance and mitigate cyber-risk appropriately, in line with shareholder and market expectations.

Enabling cyber risk transfer through cyber risk management

Presenting a solution for the effective delivery of cyber insurance and reinsurance