It’s not a big slice of the market yet, but cyber-risk insurance is growing as more businesses realize that it’s really not optional these days.
The question isn’t if, but when a company’s data will be hacked. Much like identity theft, it’s become an inevitability of working with computers.
The Center for Strategic and International Studies (CSIS) said in a June report sponsored by software security firm McAfee that cybercrime comes with a very high cost: more than $445 billion a year, with individuals losing about $160 billion and businesses eating the rest. However, the study also said that global losses could actually be as high as $575 billion.
Companies are beginning to take seriously the need for insurance coverage. According to a Munich Re survey, 77% of mid-size to large companies in the United States will have cyberinsurance in the next year, while 42% of U.S. risk managers will either up their companies’ protection or buy coverage for the first time.
There’s still a sizeable group—23%—that doesn’t plan to buy such coverage, with five out of six saying currently available policies aren’t what they need or that coverage isn’t relevant to their line of business. Folks in the latter group, however, may be kidding themselves, particularly if they think they’re covered with standard insurance.
Companies that think they don’t need coverage because of their type of business may not have realized just where cyber-risk lies. According to Robert Parisi, head of Marsh & McLennan’s network security and privacy practice, “Everyone understands the privacy risk. That’s gotten a ton of press from high-profile breaches [around] lost credit card data. […] What we haven’t seen come to the same level of awareness is the operational risk portion. By that, I’m talking about the structural or operational dependence companies have on their own technology and the technology provided by vendors like cloud services.”
The insurance industry has even “stepped back on traditional property and liability policies and said, ‘We didn’t mean to cover that kind of loss; you have to look elsewhere for that risk [coverage],’” Parisi said.