No matter how robust and agile the system is, how efficient the organization’s policies and regulations are and how secure the network connections are, there is always a daunting risk of data loss either maliciously, by human error or due to system glitches. The total monetary loss after a cyber-attack encompasses both tangible and intangible elements such as loss of direct monetary gain, expenses related to specialist lawyer, IT forensics experts, investigators, various fees and penalties, digital disruption, credit monitoring, slump in good will etc. – all of which can be humongous.
This is enough justification for companies – large, medium or small – to get Cyber Liability Insurance Cover or CLIC. Of course, the coverage will not be the same for all but has to be customized as per the entity and therefore will have various terms and conditions and pricing. The major factors that dictate the type of CLIC are the type of data aggregated, size of the company and extent of the potential risk.
Cyber insurance companies offer add-on services with CLIC to custom build policies for organizations. Be it lawyers, forensic experts, spend on crisis management solutions, notification and restoration expenses – all become an intrinsic part of the coverage.
Cyber insurance companies that provide the best fit will typically have the following elements covered as part of their packages:
- First party as well as third party coverage
- Premium pricing
- Claims payout
- Underwriting risks
- Ability to offer coverages ( policies, term and conditions) over a wide spectrum of cyber risks which include theft of intellectual property, data and software loss, network failure liabilities, data destruction, DoS, etc.
Similarly, underwriters at cyber insurance companies look for the following factors while setting premium rates for CLIC:
- Check if data loss prevention (DLP) solutions are implemented. Also check for types of encryption, security for access points in the system. A comprehensive DLP solution could typically result in lower risk and hence lower premiums.
- Understand awareness level of employees around access policies. This includes checking if regular trainings are held to keep employees updated on systems and policies in place. How well educated employees and vendors are about regulations and compliance has a significant bearing on CLIC.
- Check what risk mitigation plan is in place in case of a data breach incident.
As in the case of any traditional insurance, if there is a rise in the number of claims and payouts, the CLIC deductible and premium increases. Or, the payout is cancelled completely when capped. As a result, organizations looking for CLIC usually demand more comprehensive data loss prevention solutions. When an underwriter sees and is convinced that the organization has taken good measures to prevent data losses, it may result in in lower deductibles and premiums.
What is the state of cyber insurance market in the US?
According to RnRMarketResearch.com, the cyber insurance global market was at an estimated US$ 2.5 billion in terms of gross premiums in 2014. In the US specifically, 46 states have made it a law that data breach incidents be notified publicly resulting in exponential demand for cyber insurance. Although 90% of the global cyber insurance policies are bought by US companies, yet only one-third of the US companies are covered. PwC predicts the market will grow to an estimated US$ 7.5 billion in annual premiums by 2020. Allianz, a German insurer, predicts the market to grow to US$ 20 billion by 2025. This will be a driving force in putting forth better policies and measures for DLP in companies.
Following are some of the key cyber insurance trends that were seen in 2015:
About 60% of brokers say that there has been a significant increase in the number of companies seeking cyber insurance in 2015, resulting in greater demand for DLP solutions.
Healthcare has seen the highest growth in cyber insurance demand due to its high vulnerability. Use of DLP could drastically reduce insurance-related costs.
Overall, awareness and news about data breaches accounted for more than 70% of CLIC sales.
Wrapping up, one can say that embracing cyber insurance at the correct time is imperative rather than taking the burden of monumental payoff in case of data breaches. The transfer of risk to a third-party gives an edge over competitors in the long-term by unlocking the potential for sustained growth. Simultaneously, reforming current policies and/ or pushing in for better and more effective DLP solutions is equally vital to keep cyber insurance related costs under control.