Q&A: Threat awareness is driving cyber insurance market

As cyber security has become an ever-more prominent issue, businesses have started to realise that, in the modern business landscape, cyber insurance is a necessity rather than an optional extra.

With that in mind, we spoke to Geoff White from Lloyd’s of London about the growing cyber insurance market and the type of threats facing businesses.

1. How has the cyber insurance market developed in the last few years?

The global cyber insurance market has undergone a period of significant growth in recent years, tripling in GWP size from $850m in 2012 to $2.5bn in 2015.

We have also witnessed a rapid evolution in the variety and availability of cyber-related coverage. A key factor in this has been the increased level of consultation between insurers, brokers and policyholders. This is facilitating a much greater understanding of potential exposures and enabling the development of cyber policies to help protect companies against the constantly changing nature of cyber threats.

Throughout this period, Lloyd’s has remained a leading player in this ever-expanding sector, and retains a global premium market share of 20-25 per cent. Currently, there are over 60 insurers within the market offering a wide range of solutions, spanning key areas such as data and privacy breach, business interruption, notification, and reputational damage.

2. What has been driving growth in the market? Have changing legislation or an awareness of the threats had an impact?

Changes in legislation have most certainly been a factor in driving growth within the cyber insurance market, particularly within emerging territories. The implementation of new legislation such as the EU General Data Protection Regulation will continue to play a major role in boosting cyber insurance uptake.

In my view, the biggest driver for growth has been the significant increase in customer awareness around cyber risks. Extensive media coverage of large-scale cyber breaches has played a significant role in placing such risks front of mind in the C-suite. Companies are also becoming far more effective at identifying and understanding their own cyber exposures; although often cyber-related risk assessments are still unearthing breaches that have already occurred which companies were simply not aware of.

3. Are there any trends you’re seeing in terms of the size and sector of companies most likely to purchase cyber insurance?

From a US perspective, the companies purchasing cyber-related insurance cover span virtually every size and business sector. If we look at the rest of the world, the highest levels of uptake are generally to be found at the two ends of the business spectrum – SMEs and large corporations. While interest at the mid-market level is growing, there is still work to be done to increase awareness of cyber risks.

4. What kind of threats are businesses most concerned with at the moment?

While primary threat areas are very much dependant on the specific nuances of a particular organisation, the top concerns tend to focus on areas such as: potential exposure to business interruption stemming from a cyber-related incident; disruption to supply chains; and the possible reputational fall-out from an incident such as a data breach, particularly if this is not dealt with effectively.

5. Do you think the government has a bigger role to play within the industry?

There are regular discussions between governments and the insurance industry, as we work to best respond to the growing cyber challenge. Cyber Essentials is a good example of how the UK government has been working with the insurance industry to help raise cyber awareness.

I believe that the role of governments will only continue to expand as our understanding of, and exposure to, cyber risks increases.

6. How do you see the market developing over the next 12 months or so?

It can be expected that over the next 12 months we will see an increase in the number of insurers operating in the cyber sector, bringing an overall increase in capacity, which is critical to the continued growth of the sector.

We also expect to see an increased focus on claims and risk management capabilities. The role of the insurance industry goes far beyond simply providing a cyber policy; it spans the full lifecycle, from initial risk assessments through to the quick and effective management of any potential claims.

There will also be an increased focus on modelling for aggregation and systemic risk, helping to raise our understanding of the potential scope of cyber risk. We expect further product developments to emerge given the fast moving pace of cyber and technological advances.

Image source: Shutterstock/nito