By Matt Kenyon
Last week we were joined by Betty Shepherd, senior VP Cyber Risk at Great American Insurance Group, Paul Guthrie, co-founder and executive VP at Envelop Risk, and Matthew McKenna, International Sales at SecurityScorecard as we discussed the threat of cybercrime to the insurance industry.
In recent weeks, cyber-security insurance has been thrown into particular focus by a number of high profile data breaches.
Just this week, The Financial Times reported that an Asian unit of AXA was targeted by a ransomware attack. This had never happened before in insurance. The breach, which resulted in the theft of three terabytes of data deposited on the dark web, saw AXA announce that it would stop reimbursing customers for any ransom payments made by customers.
The insurance industry is struggling to keep up with not only the rate of ransomware attacks, but also the number of people paying the ransom. These attacks have catastrophic consequences for those who do not pay, as entire corporate databases and operations structures can vanish in a matter of hours.
Betty Shepherd pointed to an alarming statistic: half of SMEs that are subjected to a cyber-security breach go out of business within six months. While the official guidance from insurers is not to pay ransom, and cut off the cash supply to criminals, the immediate consequences for these smaller firms can be fatal.
In Hiscox’s 2021 Cyber Readiness Report, the insurer found that firms are now spending 63% of their IT budget on cyber-security. Hiscox found that, when attacked, 58% of firms pay the ransom – the cyber losses amounted to $1.8bn (£1.27bn).
The escalating scale of the ransomware threat has put cyber insurers under an intense strain – income from premiums is very low, and claims are very high.
We have seen a perfect storm of intensifying cyber attacks on one hand and the implications of Covid-19 limiting the resources funnelled towards cyber-security on the other. The result is that there simply is not enough money to recoup the losses from these attacks, and for a number of insurers this is a risk that they are unwilling to take.
Cyber-security insurers need to articulate the case for their own products in a world in which protection from cybercrime is becoming a must-have. The more companies that invest in cyber insurance, the higher the premiums and therefore the more risk that insurers are able to take on.
In our webinar, Paul Guthrie pointed to a reorientation of how we look at cyber insurance: We should see insurance against cyber crime as a horizontal slice of a number of verticals rather than one narrow vertical. As remote working and Internet of Things continue to become ubiquitous, this intersectionality in insurance will be essential.
Cyber insurance, as with any other insurance sub-section, is an economy of scale. Without mass participation, premiums will remain unreachable and risk will remain high. Though, as we discussed in our webinar on this topic, education about risks and policies closely tailored to individual firms can alleviate the major risk of cybercrime.
–
Matt Kenyon is a content producer at Insurtech Insights.
Join 160,000 members of the insurtech community by signing up for our newsletter here.
Take a look at our upcoming webinars up here.