In today’s rapidly evolving digital landscape, the intersection of reinsurance and cyber insurance presents a significant business opportunity. According to a recent study by Guy Carpenter, the cyber insurance market is currently valued at around USD 14 billion, with USD 9 billion in the domestic US market and USD 5 billion internationally. While the US has the longest history with cyber insurance, international markets are experiencing the fastest growth rates. Large companies have the highest penetration at 41%, followed by midsize companies at 27%, small companies at 20%, and micro companies at 12%. However, the analysis primarily focuses on the corporate sector, leaving out the micro, small commercial, and personal lines segments.
The micro and small commercial segments, as well as the personal lines market, hold significant untapped potential in terms of cyber insurance. Traditional research and data analysis in this field often neglect these sectors, excluding valuable insights into their unique needs and risks. However, recent efforts by industry experts aim to bridge this gap by shedding light on the comprehensive spectrum of cyber risk.
The goal of insurers and reinsurers in the cyber insurance space is to offer comprehensive solutions that cater to all customers, without segmenting or compromising coverage. The aim is to provide fair rates and comprehensive protection, aligning with the ethos of mutual and cooperative companies. Recognising cyber risk as a ubiquitous threat affecting all individuals and businesses, insurers are actively seeking ways to address this need. The demand for personal line cyber insurance solutions currently outweighs the demand for small commercial solutions, with insurers increasingly turning to reinsurers for support. Roughly 95% of these personal line products are fully or proportionally reinsured, reflecting the urgency and collaborative nature of addressing cyber risks.
Contrary to popular belief, cyber risk extends beyond technical exposures. While cybersecurity measures have improved for high-risk organisations such as banks and insurance companies, the methods employed by cybercriminals have evolved. Today, the focus is on social engineering scams, which have reached unprecedented levels. These scams are multifaceted and highly sophisticated, often combining data harvesting and subsequent fraudulent activities. Impersonation techniques used by scammers have become nearly perfect, making it increasingly challenging for individuals and organisations to detect and defend against such attacks. Cybercrime has transformed into a lucrative black-market industry, targeting individuals and businesses alike.
Claim data from various insurance companies reveals the evolving trends in cyber insurance claims. Ransomware, which was the dominant claim type in 2019-2020, has seen a decline, possibly attributed to factors like the Ukraine war and Western interventions. Instead, social engineering scams have surged, becoming the leading cause of claims. These scams, unlike ransomware, are less challenging and more successful in terms of data harvesting. The merging of personal and business exposures has also resulted in intertwined claims, where activities conducted on personal devices can lead to breaches in business systems and vice versa. Overall, cybercrime aimed at data harvesting and fraud has become the primary driver of claims in the cyber insurance landscape.
Surveys conducted among consumers in North America reveal their reliance on the insurance industry to address cyber risks. The insurance industry is perceived as a trustworthy group that can provide solutions and protection in the digital age. However, there is still work to be done in terms of educating consumers about the importance of cyber insurance and its coverage. Many individuals and businesses are unaware of the potential risks they face and the available insurance options. Building trust and raising awareness through targeted marketing campaigns, educational initiatives, and clear communication of policy terms and conditions are crucial in expanding the adoption of cyber insurance.
Unive, Netherlands, embarked on its cyber journey two and a half years ago in response to the increasing concern about cyber threats in the country. As a mutual insurer, Unive recognised the need to address this market gap and provide better service to its customers. To achieve this, Unive partnered with Cyberscout and created Unive Cyberhulp, a comprehensive cyber protection proposition integrated into all its products. This offering includes a 24/7 cyber helpdesk for all members and an insurance safety net for cybercrime linked to product ownership.
To introduce cyber protection to its members, Unive chose to implement a basic cybercrime proposition for all customers, which included adding a cyber clause to all products. During this one-year implementation period, Unive communicated about cyber risk to its members, explaining the price and value increase associated with the insurance. To ease customer transition, Unive decided to offer cyber insurance for free during the first year, resulting in a successful adoption as customers appreciated the added protection. Looking ahead, Unive is now planning to further enhance its cyber journey by expanding coverage options on demand and providing additional services to its members.
Given the evolving and complex nature of cyber risks, collaboration between reinsurers and insurers is essential for the success of the cyber insurance market. Reinsurers play a crucial role in providing capacity and expertise to insurers, enabling them to offer comprehensive cyber insurance solutions. By leveraging the reinsurers’ knowledge and experience in underwriting and risk management, insurers can enhance their product offerings and effectively navigate the evolving cyber risk landscape.
The regulatory landscape for cyber insurance is still evolving, presenting challenges for insurers and reinsurers. Governments and regulatory bodies worldwide are trying to find the best ways to address cyber risk and establish appropriate frameworks for insurers to operate within. Issues such as data breach notification requirements, privacy laws, and the assessment of cyber risk are areas of ongoing development. The establishment of industry standards and best practices can help streamline the underwriting and claims process, enhance transparency, and promote consistency in cyber insurance offerings.
Session speakers:
- Matt Cullina, Head of Global Cyber Insurance Business, Cyberscout (A TransUnion Brand) (USA)
- René van der Linden, Director, Univé Re (Netherlands)
- Jeffrey Cron, SVP – Cyber & Product Development, Berkley Re Solutions (USA)
- Liz Kim, Cyber Reinsurance Broker, Gallagher Re (USA)