Data breaches and cyber attacks continue to escalate, with no end in sight. The financial costs of cyberattacks are rising. Notable examples include the WannaCry attack, which affected 300,000 computers across 150 countries, and Petya and NotPetya, which caused huge corporate losses: for example, Merck, FedEx and Maersk each reported third-quarter losses of around US$300 million as a result of NotPetya.
While cyber insurance remains on the radar of many companies and organizations today, many of them are still on the sidelines and have not opted-in to purchase a cyber insurance policy just yet.
There has been much speculation that the cyber insurance industry is expected to grow to $10 billion by 2020. With only a year away, I’m not optimistic that premium volume growth is a realistic or even an accurate amount at this point in time.
While companies are certainly much more interested today in purchasing cyber insurance due to many emerging threats that are nearing closer to them, even with all of the big incidents, this will not lead the industry to see significant growth within 2019.
One of the main issues with cyber insurance at the moment is that we have more players than ever marketing to the same companies and organizations with all different types of coverages, different policy conditions and exclusions. While competition is certainly always a good thing, in the case of cyber insurance, it has left businesses even more confused than ever before. In my opinion, I feel this has caused analysis paralysis in the industry. While our brokerage continues to experience significant growth, the overall cyber insurance industry premium volume growth over the past year has been more on the conservative side.
Three things on the horizon that could increase Cyber Insurance growth significantly include:
1. Non-affirmative/silent/unintended cyber gets addressed
While the current debate over “affirmative” versus “non-affirmative” coverage has been ongoing for a few years, WannaCry and Petya/NotPetya cyberattacks helped make the issue of ”silent cyber” more critical. This has led to an issue of silent cyber risk happening amongst carriers that provide “all risk” insurance policies that were not designed and never intended to cover cyber related claims. We are beginning to see more “silent cyber” claims reach the courts. The outcome of these cases could help drive the growth of cyber insurance as more companies and organizations will realize that standalone cyber insurance is much more aligned with cyber risk vs. an all risk insurance policy that will need to be tested and battled out in court when a cyber related incident happens.
2. U.S. National Privacy Regulation
With the convergence of “privacy and security”, many of us are much more conscious of how and where we share our data. Especially with last year’s introduction of the GDPR and the many large scale data breaches that many of us were part of. While the U.S. has been slow to enacting one national privacy regulation, there have been many more discussions in recent months. With all that is occurring now in the political arena, the chances of a U.S. national privacy regulation happening over the next year or two is pretty slim. However, if and when a U.S. national privacy regulation is introduced, this could also help drive cyber insurance growth. In the meantime, perhaps it will be the European cyber insurance market that drives cyber insurance premium volume growth in Europe.
3. Emergence of new technologies that bring unknown risks like we have never seen before
With the emergence of new technologies such as artificial intelligence, machine learning and deep learning and with every device we use being seen as a SMART device, cyber risk is in everything we touch and breathe. Nevertheless, this will bring on attacks like we could never have imagined and have never seen before. This could also help drive cyber insurance growth.