With cyber crime costing businesses worldwide hundreds of billions of dollars a year, Lloyds insurance market in London is positioning itself to become the global hub for cyber insurance - a market it is estimated will be worth US$85 billion (£55.6 billion).
Recent high-profile cyber attacks have hit well-known corporations such as Sony, JP Morgan and Home Depot. But these are merely the tip of a vast unreported mountain of cybercrime that has been growing over the last few years. Estimates of the cost of cyber crime to businesses worldwide range from around US$445 billion (£291 billion) to US$2 trillion a year (£1.3 billion). The true cost of cyber crime will not be known until legislation now being drawn up in the US and in Europe making the reporting of cyber intrusions compulsory is enacted.
Meanwhile, escalating levels of cyber crime have taken companies worldwide by surprise with insurers and their clients struggling to quantify the level of cyber risk. Part of the problem is that cyber crime is blanket term that covers all kinds of digital intrusions and attacks. These can range from a disgruntled former employee defacing a corporate website to an organised criminal gang (OCG) emptying a company's bank accounts and destroying its entire database with the latest 'Blastware', which can be easily be transmitted via a corrupted email or compromised smartphone.
Global cyber insurance to be worth US$85 billion (£55.6 billion)
The growing threat and companies' increasing awareness of the problem is expected to stimulate a boom in cyber insurance over the next year. Global premiums are estimated to have reached US$2.4 billion (£1.6 billion) in 2014, up from US$1.3 billion (£850 million) in 2013. Some Lloyds insurers estimate that the mushrooming global cyber insurance market will be worth US$85 billion £55.6 billion) a and the insurance industry is, therefore, rapidly gearing up to provide the level of cover it anticipates will be required over the coming years. Lloyds insurance market in London is now positioning itself to become a global hub for cyber insurance.
Leading Lloyds cyber insurer, the Barbican Insurance Group, reports: "Fortune 500 companies have been known to look for around US$100 million (£66 million) in cyber coverage and this level of risk coverage needs to be spread across a number of insurers – for example at Lloyd’s where syndicates can provide a tower of coverage to meet this demand."
According to Barbican, the chief risk officer of an international organisation can fly over to Lloyds in London and potentially in a matter of hours place their whole cyber insurance programme.
Some insurers are also targetting the lower end of the cyber insurance market, believing that small-to-medium sized enterprises (SMEs) need cyber cover even more urgently than bigger players as they are less able to absorb the costs of a cyber attack.
"The situation is very different for SMES than it is for large companies, who can generally bear the brunt of a cyber attacks; SMEs that do not carry sufficient cyber insurance can be easily be forced into liquidation," says Philippe Rambaud, International Business Development Director of Axaq legal protection.
Axaq already has four year experience of providing cyber insurance in France, two in Belgium and began operations in Italy and Singapore last year. This year, it intends to launch in Germany and is looking at the potential for product development in the UK.
But although some of the world's leading insurers are now making bullish sounds about addressing this huge potential market, there are numerous pitfalls ahead for insurers and the companies they are covering.
The insurance industry is now comparing the current state of cyber insurance to that of airplane insurance in 1915 - exactly a century ago. In that year, there was an explosion in the number of aircraft being made and the level of risk to the primitive planes and their aviators was all but impossible to quantify as many aircraft were still largely experimental. In 2015, companies which have eagerly embraced digital technology in mission critical of their business are now seeing organised criminals and terrorists exploit vulnerabilities in their communications and IT networks to siphon off cash and steal valuable privileged data. In many cases, organisations approaching insurers have already been unwittingly compromised.
Average of 315,000 varieties of malware created every day
According to Internet security adviser Kaspersky Lab, an average of around 315,000 new varieties of malicious malware are created every day of the year. As it would be impossible for corporate software providers such as Microsoft to deliver so many patches, companies and their insurers must employ more effective cyber defences.
A major problem is that many organisations still rely heavily on outdated anti-virus software,which only protects against known viruses and is useless at guarding against modern malware. Modern software such as that created by developers such as UK-based Glasswall Solutions enables organisation to filter incoming communications, identifying "known-good", while briefly quarantining messages from suspicious sources.
"At this point there is no market standard policy in cyber insurance generally... The key for insureds is to have open discussions with their insurance broker to identify the key areas of concern, prior to approaching the insurance market, and this should result in ensuring the correct solutions are found," says Lyndsey Bauer, TMT Practice Leader at Paragon International Brokers.
Rather than providing comprehensive cover designed to cover any eventuality, some companies are instead opting for limited coverage which will cover the costs of informing the authorities and customers of a cyber breach and taking remedial action. According to the 2014 Cost of Data Breach Study: Global Analysis, sponsored by IBM, the average cost of a cyber breach to a company was US$3.5 million (£2.3 million) - a 15 per cent rise on the average cost for the previous year.
This level of coverage is, however, too small to offset the kind of reputational damage that can ensue following a cyber attack. The potential cost of, for example, a cyber breach which resulted in a company's latest product designs being stolen and sold to an overseas rival could run into billions of dollars in the case of, for example, a global IT company or carmaker.
But however great the challenges now facing the industry may be, the global market for cyber insurance is now set to mushroom over the current months and years.
by Stuart Poole-Robb, chief executive of business intelligence and cyber security adviser of the KCS Group.