Three high profile ransomware attacks – WannaCry, Petya, and NotPetya – that hit global organizations this year raised awareness of just how much work needs to be done to secure data and operating systems. However, they represent just a small fraction of the numerous malware, phishing, spear phishing and other attacks that are targeting individuals, enterprises, and government agencies each and every day.
While enterprises have spent billions of dollars trying to prevent and defend themselves against attacks, what attacks like WannaCry have shown is that this is not the only type of protection that is needed. They must account for financial losses as well.
This need for protection from the financial fallout of a cyberattack has created a significant market opportunity for insurance companies. However, creating viable cyber insurance policies isn’t as easy as simply printing up some brochures and taking raking in the money.
According to Michael F. Reilly, Managing Director of Insurance Strategy at Accenture, insurance companies are seemingly struggling with how to make cyber insurance policies profitable. In a recent three part series, Reilly outlined the challenges that are faced by insurance companies when it comes to underwriting cyber risk, and the services that carriers should implement for customers that extend beyond coverage.
One of Reilly’s most apt observations is that the lack of data available to model cyber risk is what is standing in the way of underwriting and policy development. Reilly notes that “while traditional insurance risks and loss expectations such as catastrophe and natural disasters are fairly well modeled and understood, modeling and available data for cyber risk remains in its infancy.” Without precedent there are “numerous questions regarding claims and coverage. This newness of cyber risk creates challenges for insurers in establishing policy terms and pricing risk,” he continues.
While cyber security challenges are not new, the desire to insure against them is definitely a game changer. In contrast to traditional insurance models for natural disasters, insurance companies simply don’t have the precedents and historical data necessary for models.
In an upcoming series of articles on the Insurance Technology Insider, we’ll take a deeper dive into this challenge, and look at some of the advanced technologies that can help insurance companies gain the most insight out of the cyber risk data that they do have.