Cyber risk is one of the most pressing and public topics that industry is grappling with and is being addressed as a strategic priority in corporate boardrooms and by governments around the world. As the global economy becomes increasingly dependent on e-commerce and cloud computing, the susceptibility to cyber risk increases exponentially.
While this emerging risk presents significant opportunities for the industry, there are also many challenges. In addition to exposure from cyber network security and privacy liability policy portfolios, the potential for loss to physical assets could be especially significant for energy and utility infrastructures, financial institutions and power grids that are now facing the consequences of "cyber" as a peril.
The limited history, lack of data and emerging exposure make it difficult for (re)insurers to measure cyber risk and calculate capital needs. There is an opportunity to innovate with the development of modeling capabilities that can measure and quantify the cyber risk to determine pricing, correlated loss and capital support.
This is critically important because of the expected growth of the cyber insurance market, which is projected to increase from approximately USD2 billion today to USD5 billion over the next five years. This is driven by new purchasers of the product as well as by existing buyers purchasing more limit:
- The number of US-based clients of Marsh, Guy Carpenter's affiliate, purchasing standalone cyber insurance increased 32 percent in 2014 over 2013 (1).
- The cyber take-up rate - the percentage of existing Marsh financial and professional liability clients that purchased cyber insurance - rose to 16 percent (2).
- The number of first time purchasers is increasing, while many existing buyers continue to increase limits purchased.
This increased demand is being driven by:
- The significant degree of discomfort at board level given the newness of the risk and its potential for costly and public disruption.
- Approximately half of the UK business leaders Marsh has met with are not aware that there is a specific product that covers cyber risk (3).
- Although the penetration of network/privacy liability insurance in the United States is estimated to be 30 percent, just 2 percent of large UK firms have explicit cyber cover, a figure that drops to close to zero for smaller firms (4).
As publicity around cyber continues to increase and regulators require more and more disclosures and protections for consumers, we would expect more and more insureds will purchase cyber, leading to a greater need for analytics in this product line. Accordingly, the (re)insurance market is grappling with how the peril of cyber and its exposure can be managed within specialty, casualty and property reinsurance programs.
Many firms place cyber among their leading risks in terms of the likelihood and severity of impact (5). Consequences that cause the greatest concern include data loss, business interruption and theft of intellectual property, with the impact being dependent upon the industry, risk profile and size of a particular firm. There is a growing concern with the physical damage impacts of cyber-attacks (whether indirectly or directly), given the increasing connectedness of assets linked to the Internet.
A Marsh-HM Government report found that large firms have done a lot to make themselves cyber secure, yet significant risks remain (6). The risks include exposure from third parties from a variety of sources, including service providers, product suppliers, customers or in the case of banks, their borrowers. Businesses therefore need to improve supply-chain resilience to cyber-attack, particularly in cases where they have smaller business partners who are typically less well protected.
Notes:
1. Marsh: Benchmarking Trends; As Cyber Concerns Broaden, Insurance Purchases Rise, March 2015.
2. Marsh: Benchmarking Trends; As Cyber Concerns Broaden, Insurance Purchases Rise, March 2015.
3. Marsh, HM Government: UK Cyber Security; The Role of Insurance in Managing and Mitigating the Risk, March 2015.
4. Estimate based on policies placed/written by insurers who participated in the Marsh, HM Government: UK Cyber Security project.
5. Global Risks 2015 (10th Ed.), World Economic Forum, Geneva, 2015.
6. Marsh, HM Government: UK Cyber Security; The Role of Insurance in Managing and Mitigating the Risk, March 2015.