Topics In Demand
Notification
New

No notification found.

Cyber Insurance Beyond the Basics
Cyber Insurance Beyond the Basics

August 30, 2023

157

1

Cyber Insurance Beyond the Basics

In this age of big data and all-time high data usage, data breaches and related cybercrimes are becoming extremely common. In the recent past, data violations have led to massive fines and legal charges that companies are subjected to.  Irrespective of their size, industry, or geography, companies are at the receiving end of these crimes and are susceptible to being hacked. Cyber insurance industry has seen a major demand led by mounting numbers of work from home jobs across various sectors, which are mostly performed on unsecured networks. Looking at the current landscape of cybercrimes, organizations globally have spent about USD 150 billion in 2021 on cybersecurity, increasing by around 12.0% Y-O-Y.

Market Dynamics

The cyber insurance market size was around USD 10.30 Bn in 2021, and it is projected to grow from USD 12.80 Bn in 2022 to USD 66.60 bn by 2029 growing at a CAGR of around 25.0%. Industries with critical infrastructure, such as energy, transportation, water supply and healthcare, are experiencing an increasing number of cyber-attacks, in the form of malware, phishing, and ransomware to compromise critical systems. With technological advancements such as integration of Blockchain and AI, the global cyber insurance industry will continue to perform better in terms of transparent solutions, cost optimization, accuracy and efficiency, and real time operations, among others. AI has helped increase the underwriter’s efficiency with a precise prediction of risk threats. First-party insurance has increased as data destruction, online theft, extortion, and hacking activities increased. Also, cyber insurance policy customizations will become imperative to match the fast-changing needs of business dynamics.

Industry Obstacles

There is an immense gap between data requirement and data availability which makes it difficult for insurers to build the predictive models to assess probability of loss. Most of the insurance companies have not done enough business in the cyber insurance segment to gather extensive self-owned data, which creates huge dependency on whatever data that is available publicly. Also, various forms of cybercrimes data such as ransomware, denial of service attack, and so on are still not exposed extensively. All these factors amplify the existing problem of data unavailability. As a corrective measure, insurers need to take the existing reporting bias into consideration while developing insurance plans.

Another major obstacle to this market is the innate nature of extreme volatility in cybercrimes. Cybercrimes keeps advancing with new ways of entry, targeting and techniques which thus surpasses the predictive models of insurance companies leaving them discouraged. This is one major reason why companies are reluctant to come into this market or expand their already existing reach. With emergence of generative AI, cyber criminals can use the technology to produce credible and convincing materials and use them to produce fake emails and other related communication. Tech security firm Zscaler observed a 47% rise in phishing attempts in 2022 and credited a rise of AI as a major reason for it. Insurance companies need to proactively identify, quantify, model, manage and control cyber accumulation.

Backed by the preceding factors, cyber insurance companies also have a limiting vision of the immense opportunities of this industry especially in underserved market segments. It is observed that cyberattacks in future years will be majorly driven by Artificial Intelligence (AI) and Metaverse,  Internet of Things (IoT) and OT (Operational Technology).

Strategies to Overcome Obstacles

Cyber Insurance companies need to apply different strategies at various touchpoints to overcome growth obstacles holistically. Gaining mass of self-owned data is very crucial which means performing more cyber business. Risk management steps for applicants to be secure, vigilant, and resilient should remain a focus area while underwriting and pricing assessments. Companies can also follow Segmentation approach of underwriting for specific industries, exposure or technology and consider a layered, multi-insurer coverage program. Offering holistic cyber risk management programs is another strategy to overcome growth obstacles. This can include risk prevention services, post-loss response, recovery support. Policyholders that meet risk-management maturity benchmarks can be awarded with real-time monitoring, lower premiums, and increased limits as incentives. Companies can also share insights, threat intelligence capabilities and expertise with clients who are facing similar types of exposures. Companies can price insurance products basis the risk management maturity of buyer and perform a rigorous examining of small insureds through elaborate questionnaires and large buyers through on- site inspection.

Another major strategy is to focus on increasing risk awareness amongst all the intermediaries and brokers and thereby spreading it to wider audience through them. Direct outreach efforts and deploying more intermediaries, awareness on potential to generate additional income through risk management services, and converting price driven policy peddlers to value-added risk managers can turn out to be highly instrumental in the growth of cyber insurance market. Another concern has been raised by end consumers regarding the language of the policies. There is a key need to create uniform policy language to boost consumer confidence. ISO has mentioned that policy terminology can be instrumental in avoiding massive potential of coverage disagreements which currently leads to a time-consuming and costly litigation. To achieve this, industry peers and neutral third-party group such as associations and organizations can come together to create a uniformly accepted and understandable policy language. Creation of a uniform policy language will help with lowering the chances for potential coverage disputes that elevate claims management costs for insurers and weaken consumer confidence in coverage.

Way Forward

In the next five years, the cyber insurance industry is expected to showcase a significant growth due to constant evolution in the type and source of cyber-attacks. Insurers will develop tailored coverage options, focusing on emerging risks such as ransomware and data breaches. AI and data analytics will be leveraged to assess risks more accurately, leading to more personalized policies. Cyber insurance will become a standard part of corporate risk management, and premiums may become more affordable as the market matures. With industry witnessing a rising number of companies entering the market, pressure on pricing is expected to happen and lead to expanding coverages for attracting and retaining business. To offset the rising exposures to risk factors, larger organizations may also look at transferring this risk to investors through cyber bonds. Cyber risk retention groups may be formed to cover groups of small to midsize companies. However, challenges in quantifying intangible risks and potential legal complexities may also arise, prompting insurers to refine their underwriting practices.

 


That the contents of third-party articles/blogs published here on the website, and the interpretation of all information in the article/blogs such as data, maps, numbers, opinions etc. displayed in the article/blogs and views or the opinions expressed within the content are solely of the author's; and do not reflect the opinions and beliefs of NASSCOM or its affiliates in any manner. NASSCOM does not take any liability w.r.t. content in any manner and will not be liable in any manner whatsoever for any kind of liability arising out of any act, error or omission. The contents of third-party article/blogs published, are provided solely as convenience; and the presence of these articles/blogs should not, under any circumstances, be considered as an endorsement of the contents by NASSCOM in any manner; and if you chose to access these articles/blogs , you do so at your own risk.


images
Vasudha Arun
Senior Research Analyst

Vasudha Arun works for Corporate Marketing Research and Advisory, TCS. She develops strategic research and insights for Retail and Consumer Products Industry, assessing industry trends, leaders outlook, strategic priorities, industry challenges and Future outlook across large global organizations. She has worked in consulting roles globally, collaborating with CxOs and leaders across various functional domains. Her primary consulting and skills include - Primary Research, Analytics, Data Visualization, Business Process Re-engineering, Strategy Deployment, Program Management, Change Management, Market Forecast and Estimation. Vasudha has almost a decade of work experience. Vasudha has worked along with CXOs to deliver solutions towards modifying the core process within an organization thus adding to ROI.

© Copyright nasscom. All Rights Reserved.