Quantifying Cyber: How Insurance Carriers are Meeting the Challenge of Covering an Ever-Changing Risk Landscape

Insurance 5 8Lom5vni

With insurance companies facing an average of 113 targeted breaches a year, it can be argued that cybersecurity is one risk the insurance industry is not prepared for. Prominent breaches, such as the Premera Blue Cross and Anthem attacks, saw a combined 90 million customer records fall into the hands of nefarious actors and the subsequent damage to both customers and carriers cannot be underestimated.

 

And yet, from this growing trend, opportunities are increasing; the sector is largely untapped, with experts projecting cyber insurance premiums to rise to more than $8bn by 2020, a substantial increase from $1.87bn in 2017. Premium growth will continue to rise over the next decade as the concept of cyber insurance becomes more entrenched across the sector. For comparison, Deloitte found that US P&C premium revenues rose only 4.6% in 2017 and this was the most such premiums had risen year on year in a decade. It is clear that for the right player with the right product, huge portions of the cyber insurance market are there to be won.

 

Adapting to customers’ cyber security needs is a clear opportunity for carriers to achieve rapid growth in a sector that is otherwise at capacity. However, carriers face many challenges before they can begin to maximize the potential in covering cyber risk. Insurance Nexus spoke to a panel of senior insurance executives and cyber risk experts to discover what the landscape looks like for carriers moving into cyber coverage.

 

Access the exclusive whitepaper, Quantifying Cyber: How Insurance Carriers are Meeting the Challenges of Covering an Ever-Changing Risk Landscape, for detailed insights into:

  • Why underwriting for cyber risk poses challenges
  • The contribution made by catastrophe modeling
  • How to anticipate exposure to risk
  • The threat from quantum computing
  • The importance of customer education

 

This whitepaper was written in association with Insurance Nexus’ upcoming Cyber Insurance USA Summit 2019. The conference, which will welcome over 150 senior executives from across cyber, product, claims and business teams, will take place on November 4th and 5th, 2019, in Chicago, Illinois. For more information about this and other Insurance Nexus events, please visit the website: https://events.insurancenexus.com/cyberusa/ or contact Kamilla Rakhmat directly.

 

Contact:

Kamilla Rakhmat | Project Director

Project Director

Insurance Nexus

T: +44(0)20 7375 7523

E: kamilla.rakhmat@insurancenexus.com

What Every InsurTech Should Know About Privacy and Cybersecurity

by Theodore Augustinos | May 14, 2019 | InsurTech, Privacy/Data Security/Cyber Risk | Bermuda, European Union, Hong Kong, United Kingdom, United States

LL-SQ-RGB-border-c

As an early stage or startup InsurTech, you’re highly focused on all the right things: identifying a challenge for the insurance industry, developing an innovative technical solution, making it practical and scalable, getting it funded, and implementing it. The industry for which InsurTech seeks to develop and deliver solutions is awash, however, in requirements and restrictions related to the collection, use, sharing, and protection of data. What do you need to know about the insurance industry’s privacy and cybersecurity issues that affect your InsurTech solutions?                                                                                                                                                        

Make Privacy and Cybersecurity your Competitive Edge

Insurers, producers and others that are potential sources of funding and potential customers for InsurTech solutions are increasingly focused on privacy and cybersecurity issues. This focus is driven by their developing legal and regulatory environment, and by their interest in mitigating privacy and cybersecurity risk. Your ability to attract interest will only improve if you display awareness of and sensitivity to these issues. Your InsurTech will stand out and enjoy a competitive edge if you have basic answers to the questions any investor or customer will ask about privacy and cybersecurity compliance and risk mitigation. Conversely, your great ideas will be undermined if you give the impression that your solution hasn’t been built with these issues in mind.                                                                                                                                                                                                                                                                                                                                                     

To exploit this potential competitive advantage (and avoid the risk of the uninformed), you may not need to become a privacy and cybersecurity expert, but you do need to have some understanding of the issues that will be of concern to your potential investors and customers.

         

The following are suggestions for turning potential privacy and cybersecurity pitfalls into a competitive advantage.

1. Know what data you collect and process. Privacy and cybersecurity issues are determined by the types of data collected and processed. Make sure you know what your designers and programmers are setting up in terms of types and methods of data collection. Privacy and cybersecurity issues turn on types of data, and you need to have, and to be able to provide, full visibility into your data collection and processing. Companies sometimes collect more data than they intended or knew about, simply because designers and programmers thought additional data sets might be useful someday, or in some future application. Know what data you’re collecting and processing.                                                                                                                                             

2. Appreciate the rules of the road. There is a complex, changing, and increasingly onerous regime of privacy and cybersecurity requirements that affect the customers of InsurTech. Insurers, producers and other users of InsurTech solutions will need to make certain that your solution satisfies these requirements. Assume that any data collected and processed by your solution can be subject to these requirements. You don’t need to be expert in these requirements, but you do need to be aware of them.

 

Basically, depending on what laws and regulations apply, know that information that is identifiable to an individual may be subject to notice, disclosure and other requirements; limits on use and transfer; restrictions on retention; and rights of access, correction, portability and erasure. In some jurisdictions, other types of data including certain commercial data may also be restricted, and data related to military and dual use technologies can also be subject to data export and other restrictions. In addition, InsurTech customers may have contractual obligations or published policies and notices that restrict the collection, use, storage and transfer of certain data. Build your solutions with the understanding that your potential customers may not be able to use them unless they are consistent with these requirements.