SMALL cyber tuesdayPeople who live in glass houses should take out insurance.
– Unknown

In 1969, a song by Denny Zager and Rick Evans skyrocketed to the top of musical charts. The song, “In the Year 2525,” warned of the dangers of technology, foretelling a distant future in which the human race was destroyed by it. There are days in which it seems we may be traveling along the path envisioned by the dark lyrics of that song. But for the moment, as we look at a future beset with great uncertainty as to where the cybersecurity issues plaguing the world will take us, we increasingly are turning to a traditional means of offsetting risk—buying insurance.

Writing in Fedscoop, Shaun Waterman reports that “U.S. insurers took in almost $1 billion in premiums last year for writing cybersecurity policies,” citing credit analysts at Fitch Ratings. He goes on to write that “some estimates put the global value of the cyber insurance market at $2 billion a year — and insurance broker Marsh & McLennan estimated that could multiply three to five times by 2020.” There are other estimates suggesting the market could be closer to $20 billion by the end of this decade.

What is clear is that there is a lot of insurance being bought amidst great uncertainty as to just what is covered. The Council of Insurance Agents & Brokers’ new biannual Cyber Insurance Market Watch Survey cites this interesting finding. “Confusion about what is covered and what is excluded in a cyber policy continues to be the chief concern of brokers. Seventy-one (71) percent of brokers believe that there was little to no clarity about what is and what is not covered. Much responsibility lies with individual brokers and their ability to grasp exposures and coverage nuances and discuss those with individual clients whose interest levels vary greatly. The reason for this is explained by Ken A. Crerar, president and CEO of The Council. “As cyber threats move beyond just the theft of personal information, meaningful business interruption insurance is starting to become available….While the market has more loss data on cyber incidents, theft of intellectual property, physical damage and bodily injury are still not fully comprehended.”

Absent good actuarial data, there will continue to be tension in the insurance market, even as more businesses seek to purchase insurance. Businesses will seek to gain a better understanding of coverage and exclusions as well as generally accepted risk reduction practices, which can lead to lower premium costs. For their part, insurers will continue to sort through issues like probable maximum losses and liability apportionment, while dealing with another sort of exposure that is increasingly prominent. Michael Macauley, CEO of California- based Quadrant Information Services, a supplier of pricing analytics services to property/casualty insurance carriers, notes “As an industry, insurers tend to believe that their data—and with it, the trust of their policyholders—is secure. At one time, that might have been a reasonable assumption; but insurance, which is now a high-tech industry, is just as vulnerable to attacks by hackers as are banking, retail, entertainment….”

And so it goes.

By Tom Davis, SDI Cyber Risk Practice
August 30, 2016