There is significant growth potential for cyber security insurance products in Europe, according to an August study by the European Insurance and Occupational Pensions Authority, although many market challenges and issues remain.
The report, “Understanding Cyber Insurance – A Structured Dialogue with Insurance Companies,” points out that most earlier studies focus on either the United States or global cyber markets, rather than specifically looking at the European environment. After all, upwards of 90 percent of cyber insurance policies are sold to Americans and as little as 5 percent of premiums come from Europe.
The intentions were clear and honourable, to engage with a group of 13 (re)insurers from Switzerland, France, Italy, Germany and the United Kingdom around a set of 14 qualitative questions that would generate insight into the cyber insurance landscape in Europe.
However, the report has limitations. The sample size is small, and the responses indicate that it is skewed towards global reinsurers and composite insurers. Some responses may have been slightly different had more insurers from the mutual and cooperative sector been consulted.
One of the main outcomes is a clear need among suppliers and customers for a deeper understanding of cyber threats. The report criticises a lack of claims data within the industry in being able to evaluate cyber risk from the insurer side. This is an excuse that has been radiating the market for over 10 years. Speaking for a company that handles more than 65,000 cyber events a year, this excuse is unconvincing. There is plenty of data, the question is how accurately past data can predict future events.
The mutual/cooperative advantage
The lack of understanding on the demand side holds more merit. However, the mutual/cooperative sector has a distinct market advantage in this area, especially given their increased visibility and growing positive reputation in recent years. No other group of insurers is closer to its customers or more fundamentally understands the specific risks that they face than the mutual and cooperative sector. Trust in insurers is much higher within the sector and that allows for greater penetration within the market.
The cyber insurance market in the U.S. serves as shining example of what is possible, but it remains far from perfect. Penetration within the market sits at 20 percent, but when you exclude large companies it is closer to 2 or 3 percent. Mutuals and cooperatives have the right relationships to take a fresh approach in distributing cyber amongst their member policyholders to fix this.
Worldwide, more than 7 million records are lost or stolen every day. Both small businesses and individuals around the world are more likely to suffer a cyber attack than a fire or other natural disaster, and the risk is growing. Insurers would not dream of selling a commercial or personal package policy without fire cover. So why do they insist on selling them without cyber cover?
Focus on individuals
The report’s second major finding is around this personal lines space. The advent of IOT technology has made it more important to shift focus from the corporate entities that have been the traditional buyers of cyber insurance. Mutuals with their understanding of lifestyle and non-profit businesses can make this connection more easily and will retain a significant market advantage.
The EIOPA has included further survey questions in their 2018 stress test, which will be completed by 78 percent of the European market. This will clearly produce more reliable and representative results. Here’s hoping that exercise better represents the unique position of mutuals.
Thomas Spier is Divisional Director of Global Markets for CyberScout.