PWC Insurance 2020 report | reaping the dividends
Businesses across all sectors are beginning to recognise the importance of cyber insurance in today’s increasingly complex and high risk digital landscape.
In turn, many insurers and reinsurers are looking to take advantage of an opportunity to secure new business with potentially good margins in an otherwise soft market.
Some though are still wary of cyber risk even though there is no doubt that cyber insurance offers considerable opportunities for revenue growth.
Already many insurers are facing considerable cyber exposures within their technology, errors & omissions, general liability and other existing business lines. The immediate priority is to evaluate and manage these ‘buried’ exposures.
An estimated $2.5 billion in cyber insurance premium was written in 2014.13 Some 90% of cyber insurance is purchased by US companies, underlining the size of the opportunities for further market expansion worldwide. In the UK, for example, only 2% of companies have standalone cyber insurance. Even in the more penetrated US market, only around a third of companies have any form of cyber coverage. There is also a wide variation in take-up by industry, with only 5% of manufacturing companies in the US holding standalone cyber insurance, compared to around 50% in the healthcare, technology and retail sectors.
As recognition of cyber threats increases, take-up of cyber insurance in under-penetrated industries and countries continues to grow, and companies face demands to disclose whether they have cyber coverage (examples include the US Securities and Exchange Commission’s disclosure guidance18). We estimate that the cyber insurance market could grow to $5 billion in annual premiums by 2018 and at least $7.5 billion by 2020.
So why is there so much scepticism over cyber insurance? Part of the challenge is that cyber risk isn’t like any other risk insurers and reinsurers have ever had to underwrite. There is limited publicly available data on the scale and financial impact of attacks. The difficulties created by the minimal data are heightened by the speed with which the threats are evolving and proliferating. While underwriters can estimate the likely cost of systems remediation with reasonable certainty, there simply isn’t enough historical data to gauge further losses resulting from brand impairment or compensation to customers, suppliers and other stakeholders. A UK Government report estimates that the insurance industry’s global cyber risk exposure is already in the region of £100 billion4 ($150 billion), more than a third of the Centre for Strategic and International Studies’ estimate of the annual losses from cyber attacks ($400 billion)5. And while the scale of the potential losses is on a par with natural catastrophes, incidents are much more frequent.
As a result, there are growing concerns about both the concentrations of cyber risk and the ability of
less experienced insurers to withstand what could become a fast sequence of high loss events.
This timely report from PWC provides considerable insight on these themes and shares a perspective that will help you understand the challenges that need to be understood to increase your security and the return on investment.
You might also like ...
The 10 steps to Cyber Security discusses how cyber security is now one of the biggest challenges economy. Produced jointly by GCHQ, BIS and CPNI it offers guidance for business on how to make the UK’s networks more resilient and protect key information assets against cyber threats.
If your organizations hasn't taken steps to protect itself your IT systems may already be compromised with your intellect property compromised and your security breached. This is happening every day to not just one or two, but thousands and you should be asking yourself the question "Are we confident that we are secure?".
It need not be difficult or expensive, roughly 80% of all attacks would be defeated by embedding basic information security practices into your operations.
This report provides an excellent primer on the Risks and measures that can defeat most attacks and focuses on key points of risk management and corporate governance including some case studies based on real events.