Skip to main content

Cyber resilience in Insurance

The COVID 19 pandemic had a significant impact on the insurance sector resulting in massive job losses, budget cuts, and the closure of many businesses. The impact on insurance has been highly disruptive due to manual operational processes performed within the sector. This has completely unsettled organizational perception and planning around strategic, operational, technological, and financial risks. To ensure business continuity, enterprises have brought in operational changes such as working from anywhere, using any device/platform, and self-service portals to provide direct services to the clients. This digital acceleration has increased online exposure increasing predatory cyberattacks, including malicious 3rd parties, ransomware, and compromised email attacks. Handling cyber risks via cyber insurance is a profitable business benefiting the insurance carrier, their customer, and the whole digital economy. Recent trends in remote work across industries, the increasing reliance of businesses across widely varied facets of operations, and the emergence of new technologies will further emphasize the significance of cyber insurance for any business.

Acceleration in the exploitation of vulnerabilities post Covid 19

Threats and vulnerabilities are not new. They were being exploited long before the Covid 19 pandemic occurred. Covid-19 and the necessity to digitize business operations and processes brought on a dramatic acceleration of criticality and therefore opportunity for hackers to exploit.

The FBI reported a 300% increase in reported cybercrimes in April 2020. In March alone, ransomware attacks increased by 148%. Between February and April 2020, phishing was up 600%, and, in April, Google blocked more than 18m Covid-19-related phishing emails each day. As a result of this heightened threat, organizations are more and more concerned about cyber resilience.

Covid-19 accelerated the importance of Cyber insurance

The increased focus on cybersecurity is a positive sign: democratic governments are aware of the priority and urgency of the task of improving cybersecurity and are addressing this politically, infrastructurally, and legislatively. The improvement in national cyber resilience in the USA and the EU Cybersecurity Strategy are examples of the steps that the governments are taking. Organizations have started adopting a holistic cyber risk management strategy that prioritizes ‘Resilience’ while giving due importance to ‘Security’. The Cyber insurance industry is rapidly evolving, opening doors for stronger relationships between insurers and policyholders. According to recent research conducted by Cowbell Cyber, 65% of small and medium-sized businesses (SMEs) are planning to spend more on cyber insurance as part of their cyber resilience plan in the next two years. Many insurers and reinsurers are looking to take advantage of what they see as a rare opportunity to secure high margins in an otherwise soft market. Cyber insurance will soon become a client expectation and insurers that are unwilling to embrace it risk losing out on other business opportunities if cyber products don’t form part of their offering.

To sustain the cyber risk and take advantage of the opportunities for profitable growth, insurers, reinsurers, and brokers are pitching cyber insurance in various areas. They have become methodical in underwriting and getting stringent in risk management. For example, cyber insurance is a key area in the claims arising due to security failures. A ransomware event or other cyberattacks can bring a plethora of costs for the insurers/ reinsurers including business interruption losses.

However, the coverage offered by cyber insurance does not hold for all the scenarios where there is a slowdown of the company network due to overuse, administrative, or programming error. In these cases, cyber insurance will not be triggered. Similarly, the voluntary shutdown of systems to limit the potential loss following the discovery of a security or systems failure is also out of the scope of cyber insurance.

Trends in Cyber Insurance

Cyber insurance is a potentially huge, but still largely untapped, opportunity for insurers and reinsurers. Industries of all types are realizing the need for specific, tailored cyber policies to address their unique needs. The coming year will usher in a wave of transformation for cyber insurance. The trends where the cyber insurance industry is heading are as follows:

The coronavirus outbreak has resulted in the largest workfrom-home situation in history, presenting criminals with new opportunities to exploit any security vulnerabilities created by the pandemic. Due to the constant and amplifying effort to improve the customer experience companies are relying on digital disruption which has become a significant driver of cyber losses. With the economic downturn and shift in the business landscape, there is an increase in the frequency of attacks on business email. Cyber exposures have emerged as a hot topic in mergers and acquisitions (M&A) following some large data breaches. Even the best-protected companies can be exposed if they acquire a company with weak cyber security or existing vulnerabilities. As a result of which strict data protection and privacy regulation is increasing in both scope and geographical reach, creating more stringent requirements on organizations that collect and use personal data, as well as enhanced rights for consumers and higher penalties for breaches.

Managing & Mitigating Cyber Risk Threats

The need for digitization has helped cyber-attacks to change the risk dynamics more quickly than expected. Some cyber insurers have already proven that they can be part of the solution when it comes to building up resiliency and preparedness. Hence cyber insurance has great potential and so do the opportunities for the insurance industry in this space. To accommodate it, the insurance industry needs to provide transparency on coverage and accompanying service offerings. Insurance carriers have come up with various insurance coverages to manage the impact of cyber exposures. Examples include:

Some such offering that is prevalent in this situation are:

The Roadmap Ahead

The pandemic has opened the versions of cyber-attack. This has recognized the importance of cyber insurance in today’s increasingly complex and high-risk digital landscape. Cyber insurance is a potentially huge, but still largely untapped opportunity for insurers. To achieve this, insurers are looking forward to taking the advantage of the current situation, which was a rare opportunity in past. The trend shows that Annual GWP will grow from around $2.5 billion today to reach $7.5 billion by the end of the decade. Insurers that are unwilling or not prepared to embrace it might lose their business if cyber products don’t form part of their offering.

About the Author

Vikram Singh works as AVP and heads the Insurance Pre-sales & Advisory Practice. He is a Sr. Business SME, having 25+ years of rich Insurance experience in providing advisory services to insurance carriers across the globe. Vikram has successfully executed, designed, implemented, & transformed insurance solutions. This includes blueprinting & solutions, assessments, innovation consulting services along with insurance transformation services.


Let’s engage