Previous PwC global research revealed that 61% of business leaders across all industries see cyber attacks as a threat to the growth of their business, and 2014 saw an average of 100,000 global security incidents a day. In Ireland PwC’s Economic Crime Survey revealed in 2014 that the incidence of cybercrime had nearly doubled with 62% of business leaders expecting the risks associated with cybercrime to increase by 2016.
Given the high costs of coverage, the limits imposed, the tight terms and conditions and the restrictions on whether policyholders can claim, many policyholders are questioning whether their policies are delivering real value. There is also a real possibility that overly onerous terms and conditions could invite regulatory action or litigation against insurers.
As Boards become increasingly focused on the need for safeguards against the most damaging cyber attacks, insurers will find their clients questioning how much real value is offered in their current policies. If insurers continue to simply rely on tight blanket policy restrictions and conservative pricing strategies to cushion the uncertainty, they are at serious risk of missing this rare market opportunity to secure high margins in a soft market. If the industry takes too long to innovate, there is a real risk that a disruptor will move in and corner the market with aggressive pricing and more favourable terms.
PwC suggests that insurers, reinsurers and brokers can capitalise on the cyber risk opportunity whilst managing the exposures by:
- Maintaining their own cyber risk management credibility through effective in-house safeguards against cyber attacks;
- Robustly modelling exposures and potential losses which will provide a better understanding of the evolving threat and could encourage more reinsurance companies to enter the market;
- Partnering, sharing and coordinating;
- Making coverage conditional on a full and frequent assessment of policyholder vulnerabilities and agreement to follow agreed prevention and detection steps; and
- Replacing annual renewals with real time analysis and rolling policy updates.
For insurers, cyber risk is in many ways a risk like no other. It is equally an opportunity including in Ireland. Insurers who wish to succeed will base their future coverage offerings on conditional regular risk assessments of client operations and the actions required in response to these reviews. A more informed approach will enable insurers to reduce uncertain exposures whilst offering clients the types of coverage and attractive premium rates they are beginning to ask for.