Emerging cyber insurance market bridges gap between tangible, intangible assets

Companies of all sizes wake up, realize they need policies that cover cost of restoring data

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someonePrint this page

More orga­ni­za­tions than ever, espe­cial­ly small and medi­um-size ones, will seek to account for the fast-ris­ing risk of suf­fer­ing a cyber attack in 2017 by buy­ing a cyber lia­bil­i­ty pol­i­cy.

The gen­er­al state of secu­ri­ty of U.S. busi­ness net­works remains ane­mic when com­pared to the vast and grow­ing capa­bil­i­ties of hack­ers with mali­cious intent. Com­pa­nies are begin­ning to real­ize the val­ue of off­set­ting this risk to an insur­ance carrier—and insur­ance com­pa­nies and under­writ­ers rec­og­nize a gold­en goose when they see one.

The fledg­ling cyber insur­ance mar­ket topped $3 bil­lion in 2015, and ABI esti­mates the glob­al cyber insur­ance mar­ket is swelling at a clip that will top $10 bil­lion by 2020.

Relat­ed: Cyber insur­ance increas­ing­ly includes val­ue-added secu­ri­ty ser­vices

Third­Cer­tain­ty sat down with Tim Fran­cis, cyber insur­ance enter­prise lead at Trav­el­ers Bond & Finan­cial Prod­ucts, and Graeme New­man, chief inno­va­tion offi­cer at CFC Under­writ­ing, short­ly after the pair spoke on this top­ic at IDT911’s Pri­va­cy XChange Forum 2016 this fall. Here’s their fore­cast. (IDT911 spon­sors Third­Cer­tain­ty. This text has been edit­ed for clar­i­ty and length.)

3C: Could you frame the emerg­ing cyber insur­ance mar­ket for us?

Graeme Newman, CFC Underwriting chief innovation officer
Graeme New­man, CFC Under­writ­ing chief inno­va­tion offi­cer

New­man: The cyber insur­ance mar­ket has been around for 15 or 16 years now, which in insur­ance terms, is a short peri­od of time, but it’s grow­ing fast. It’s very much U.S. dom­i­nat­ed, and it also falls into some spe­cif­ic indus­try ver­ti­cals. You get a lot of buy­ers in the finan­cial ser­vices, with­in retail and with­in health care. But that’s start­ing to change.

Fran­cis: Part of what’s dri­ving this shift into dif­fer­ent indus­tries, and also small­er-size com­pa­nies, is the recog­ni­tion that cyber is not just a prod­uct for com­pa­nies with large amounts of data. A lot of cov­er­ages go beyond that to things like busi­ness dis­rup­tion, which could affect any com­pa­ny vir­tu­al­ly. For instance, ran­somware has noth­ing to do with the exca­va­tion of data.

3C: What are some of the obsta­cles?

New­man: The val­ue propo­si­tion has been poor­ly artic­u­lat­ed. But that’s get­ting bet­ter as we get more buy­ers, as we see more claims exam­ples, and as we see many more peo­ple get affect­ed by things like ran­somware. So that leads to grow­ing aware­ness and to devel­op­ment of the prod­uct.

Fran­cis: There has been a lack of aware­ness. That lack of aware­ness is start­ing to be erod­ed, large­ly dri­ven by agents who are now rec­og­niz­ing their cus­tomers’ needs and begin­ning to under­stand that there are gaps in tra­di­tion­al cov­er­age. … The agents have got­ten much more com­fort­able in under­stand­ing cov­er­age dif­fer­ences and in sell­ing cyber poli­cies, and I think that’s helped spread the mar­ket.

New­man: The insur­ance mar­ket for the past 300 years has focused on insur­ing tan­gi­ble assets: phys­i­cal build­ings, plants and machin­ery. But the world has changed. The val­ue of the world’s intan­gi­ble assets—the infor­ma­tion, the data, the intel­lec­tu­al property—now exceeds the val­ue of the world’s tan­gi­ble assets. And yet the vast major­i­ty of the world’s insur­ance ven­dors are still focused on pro­tect­ing the tan­gi­ble. The cyber insur­ance mar­ket is devel­op­ing to plug that gap.

3C: Cyber threats are com­plex; hack­ers seem to be end­less­ly inno­v­a­tive.

Tim Francis, Travelers Bond & Financial Products cyber insurance enterprise lead
Tim Fran­cis, Trav­el­ers Bond & Finan­cial Prod­ucts cyber insur­ance enter­prise lead

Fran­cis: That’s right. Any com­pa­ny or orga­ni­za­tion that relies on tech­nol­o­gy or col­lects data has some ele­ment of cyber expo­sure that a cyber insur­ance prod­uct of some sort would like­ly be a good pur­chase for. I can’t imag­ine a com­pa­ny in today’s day and age that doesn’t use tech­nol­o­gy, doesn’t have some lev­el of data, that won’t be hurt if that data goes miss­ing or if their sys­tems are inop­er­a­ble for some peri­od of time.

New­man: We’re not try­ing to insure the eco­nom­ic val­ue of bits of infor­ma­tion. I think this is where buy­ers can get con­fused. It’s very much like prop­er­ty insur­ance; we’re insur­ing the rebuild val­ue. If your data gets lost, dam­aged or cor­rupt­ed, we’re pay­ing the cost of restor­ing and repair­ing that data.

3C: If I’m a com­pa­ny in the mar­ket for a pol­i­cy, how should I approach it?

Fran­cis: You should look at it very oppor­tunis­ti­cal­ly. Right now we’re in a buy­ers’ mar­ket. There are lots of dif­fer­ent car­ri­ers that offer some lev­el of cov­er­age regard­less of what indus­try you’re in, regard­less of your rev­enue or your num­ber of employ­ees. There’s like­ly to be numer­ous insur­ance options avail­able.

It’s impor­tant to con­nect with an agent that’s famil­iar with this line of insur­ance, and that pop­u­la­tion is grow­ing dai­ly. It’s also help­ful to under­stand there are cer­tain things you might be able to do up front to help make your cyber­se­cu­ri­ty pos­ture bet­ter going into this process. Talk­ing to a pro­fes­sion­al who can help guide you through this process is impor­tant.

More sto­ries relat­ed to cyber insur­ance:
Chal­lenges and oppor­tu­ni­ties ahead for cyber insur­ance indus­try
As hacks mush­room, all signs point to boom in cyber­se­cu­ri­ty insur­ance
As threats mul­ti­ply, cyber insur­ance and tech secu­ri­ty indus­tries start to merge