7. Ensuring a Secure Future by Insuring Against Cybercrime

Eric Cho, Senior Cyber Underwriter, Munich Re

Serene Chan, Regional Head of Cyber, Asia Pacific, Munich Re

The core concept of insurance is for individuals or entities to manage their risks by transferring them to a risk carrier, such as an insurance company, in exchange for an insurance premium. With the escalating occurrence of cyber incidents coinciding with the digitisation of society, adequate risk management has become a critical imperative in board meetings.


With the established role of insurance in mitigating traditional risks, there exists a compelling case for the utility of insurance in addressing the consequences for entities facing emerging cyber vulnerabilities. This article investigates the burgeoning demand for cyber insurance policies, which serve to mitigate financial losses sustained by businesses as a consequence of cyber incidents.

This paper explores the role of cyber insurance. The main themes we investigate are:

  1. Introduction to cyber risks and cyber insurance.
  2. The benefits and challenges of cyber insurance.
  3. Government involvement and the future.

Cyber insurance policies first became available in the 1990s, focusing mainly on third-party liability for cases in which companies may have leaked customer data as a result of a cyber incident. Since its inception, the product has seen rapid evolution and growth, driven by the need for more comprehensive coverage for clients and a general increase in awareness of cybersecurity.

The increasing adoption of cyber insurance is a testament to its benefits. Cyber insurance is a core risk-management solution for companies to transfer their underlying cyber risks. Despite companies investing more in their cybersecurity, there are numerous cases of cybercriminals gaining unauthorised access to data, leaving companies and their customers exposed to financial loss. As long as the incident is insurable, companies can claim against their policies to reduce the financial losses and, in most cases, receive crisis-management support. Obtaining cyber insurance also involves underwriting, in which companies’ cybersecurity policies and controls are assessed by insurance companies. This underwriting is rigorous and requires companies to adhere to insurers’ cybersecurity expectations in order to qualify for cover.

Cyber-attacks are an almost inevitable fate for many companies. Therefore, cyber resilience is fundamental for successful and sustainable digitisation of the economy and society. Cyber insurance can play a vital role in providing a tangible solution for companies. Because cyber insurance is a relatively new product, the public sector, including governments and regulators, must also play an active role in catalysing awareness of cyber risk and the corresponding risk transfer solution. The increased dialogue and transfer of knowledge that arise from cyber insurance can help to foster a more resilient digital economy, safeguarding the interests of individuals, businesses and society.