Modernizing Cyber Underwriting to Turn Risk into Resilience?

In Vegas, there are no sure bets. The global cyber insurance industry, however, comes close when you’re talking about expansion and growth. According to MarketsandMarkets research, the global cyber insurance market is set to grow from $11.9 billion in 2022 to $29.2 billion by 2027. Reasons include more sophisticated cyber-attacks, increasing potential of financial losses and more complex regulatory compliance. Some areas of business are more vulnerable than others. Industries topping the list with the most cyber insurance claims include manufacturing, financial services and healthcare, plus all highly regulated industries. Cyber-attacks are on the rise with ransomware increasing by 93% in 2021.

As demand increases so too will new questions like: how do you price cyber risk? What do you cover? What do you not cover?

On this point, we turn to Swiss Re, a reinsurance company based in Zurich, Switzerland. According to its research arm, the Swiss Re Institute, “reported cyberattack incidents have grown five-fold since 2016, with monetary estimates of global losses around $945 billion.”

It makes sense.

Claims, Demand, Need for Cyber Insurance Rises on a Global Scale

While the need arises, reinsurance and insurance markets have limited capacity and systemic risk potential when it comes to cyber insurance. According to Swiss Re’s research, cyber insurance falls short of meeting the characteristics of insurability we are familiar with today.

This does not mean; however, insurers have no role in helping businesses protect against cyber risks. Demand is high as both our lives in the digital world and the threat landscape expands exponentially. In its research, Swiss Re experts found the cyber insurance market reached $10 billion in 2021 (a 30% growth since 2017). Brokers are finding claims skyrocketing with premiums rising right alongside heightened demand. Swiss Re predicts the market to grow to $23 billion by 2025, further confirming the researched mentioned earlier.

In his blog, “Cyber Resilience – A Vital Concept in Today’s World,” Swiss Re Chairman of the Board of Directors Sergio Ermotti points out the two-edged sword accompanying digital risks: there will never be 100% security so the mandate is to both protect and be prepared for a cyber event. I agree with his point that insurance is only one part of the solution.

Ensuring Cybersecurity is Evolving Quickly

As cyber insurance solutions grow alongside rising risk, Swiss Re is pioneering the building blocks of cyber insurance by re-examining underwriting procedures, enhancing underwriting requirements and pricing for cyber exposures in property and liability policies, clarifying vague terms and conditions, and better defining limits in cyber policies. Separating pricing for attritional losses from potential catastrophic events is an additional improvement the company feels will add transparency and capacity to the market.

We all know what car coverage we have (even if the print is sometimes small!). The first automobile policy came out in 1897, giving auto insurance more than a century of maturity. Cyber insurance is in its infancy. How should coverage be defined? Possibilities include:

  • Costs associated with a data breach, virus, cyber-attack
  • Network virus or other cyber-attacks, privacy events and network security breaches
  • Network business interruption
  • Media liabilities
  • Reimbursable expenses such as investigation
  • Business losses
  • Lawsuits and extortion
  • Costs associated with privacy and notification

I also believe we all have a great deal of say in how this plays out too. Things we can be doing include:

  • Reframing and being realistic about how we perceive risk now and in the future
  • Becoming educated on cyber hygiene
  • Taking an active role to standardize risk with a common language
  • Understanding disclosure requirements
  • Developing strategic cloud capabilities

Swiss Re helps us “see” the threat landscape with its digital trust pyramid, inspiring us to standardize digital trust and risk – from access to the internet all the way up to human interaction.

As data within the insurance industry increases, the digital trust pyramid amplifies my core belief that real growth lies at the crossroad of humanity and technology.

Guard is Down for Many SMEs

Swiss Re’s commercial insurance arm Corporate Solutions (Corso) has a solution that addresses the unique risk factors for organizations between 10 and 250 employees called CyberSolutions 360o insurance coverage. In partnership with OZON’s integrated cyber protection services, it is both a cyber service and cyber insurance.

This dual approach underscores Ermotti’s points that protection includes being prepared for cyberattacks.

What’s Next

What brought us to this point will not bring us forward. Cybersecurity is a moving target; it is, in a sense, elusive. We learned an important lesson from the pandemic: make no assumptions because the unimaginative might be right around the corner. This is true for people in a connected world yet unfolding.

As Swiss Re advances the societal benefits of digitalization, I will be on the edge of my seat to see how businesses regard cyber resiliency as a business priority.

In a digital-first world, how do you think modernized cyber underwriting will turn risk into resilience?