Cyber risk for insurers

Cyber risk has definitely stepped off the “emerging risks” list and moved in with the “current risks.”  Not a week goes by without another major news story about some firm or government agency being hacked and losing control over millions of records of private data – cyber risks are not only here to stay, but to grow.

Businesses, governments and other organizations are being successfully attacked every year by criminals, terrorists, hacktivists, state-sponsored groups and insiders.  Losses come from data breaches as well as service interruptions, fraudulent transactions, computer viruses, cyber extortion and other new threats.  These losses include, but are not limited to:

Companies need to recognize that cyber risk defense requires an enterprise-wide response; it is not just an IT issue.
  • the cost of restoring computer systems including ransom payments
  • notifying affected people
  • loss of business due to reputational harm

There are many ways that organizations can take actions to protect themselves.  Most importantly, companies need to recognize that cyber risk defense requires an enterprise-wide response; it is not just an IT issue.  Although these efforts may not be effective against all cyber attacks.

Insurers have a central position regarding cyber risk.  As holders of large amounts of customer data, they are juicy targets for cyber attacks.  Insurers also provide coverage for other firms who are exposed; and some of those will also send some of their aggregated cyber risk to reinsurers.

Cyber risk insurance

Cyber insurance is available and it is here to stay; it is one of a small number of major growth opportunities for insurers and reinsurers.

Cyber risk insurance is expected to grow at a double digit pace for the next 10 years, especially in the IT, telecom, financial and healthcare sectors.  More than 30 insurers offer cyber coverage, but just five have dominated cyber insurance issuance to date.  With all of the expected growth in that field, there is room for more and a number of insurers are considering entering the business.

There is increased focus from rating agencies and regulators on cyber risk.  It has become a standard question for ratings reviews and risk focused exams.

Insurers who plan to offer cyber insurance need new tools and models to assess the risk of major losses from this business.

Recently, Willis Re presented a webinar to discuss all of these issues in detail.  Presenters included Jess Fung (lead actuary of Willis Re’s cyber practice), Adrian Nusaputra (Financial Advisory) and Dave Ingram (ERM Advisory). View the webinar in the video viewer above.

About Dave Ingram

Dave is an Executive Vice President of Willis Re, specialising in theory and practice of ERM for insurers. Based in…
Categories: Cyber Risk, Reinsurance | Tags: ,

2 Responses to Cyber risk for insurers

  1. I agree that current IT risk mitigation focuses way too much on technology – and not on process. The technology of security is quickly becoming a commodity. But what is missing in most organizations (especially SMEs) is the awareness of WHAT to do and HOW to do it. It is about making IT security a business process. Thanks for the Webinar.

  2. Max Rudolph says:

    This webinar was very well done and informative. Please consider regularly releasing these ERM Advisory webcasts publicly, even if there is a delay after original broadcast. My own work with emerging risks, including pandemics 20 years ago, show that addressing these risks as an industry can be more effective than individual companies attempting to include a risk charge on their own.

Leave a Reply

Your email address will not be published. Required fields are marked *