With the increasing commonality and severity of cyberattacks, it is becoming more and more necassary for organisations to protect their digital assets with cyber insurance.
Cyberattacks are both more likely to happen and more dangerous when they do than ever before, they are often designed to plunder organisations financially, but they can also be maliciously destructive. This makes cyber insurance vital.
A recent study from the Office of National Statistics on fraud and cybercrime in England and Wales recognised that hackers are increasingly turning away from consumer targets in exchange for more profitable business ones. This finding is representative of the increasing risk posed to valuable digital assets by cybercriminals, and subsequently the increasing need for cyber insurance.
We live in a world where data has become truly precious, an asset of the utmost importance that must be protected. Insurance policies related to cyber risk could include first-party coverage against data destruction, DDoS attacks, extortion and of course, theft. Cyber insurance can also be applied to protect against human failure, the root cause of so many cybersecurity incidents.
In this list CBR sets out to look at some of the top providers of these policies, producing an overview of key features and also taking a look at innovative approaches to providing this kind of cover.
AIG aims to provide an end-to-end approach to supporting customers with cyber insurance needs, providing loss prevention tools and services geared toward regaining stability following a data breach..
You need no further proof of how formidable this multinational corporation is in the space than the fact it carries in the region of 22 per cent of the cyber insurance market.
Another arrow AIG has in its quiver is the fact that it can compete with many other well-known providers on the basis of experience. The name has been associated with cyber risk for a long period of time, a reassuring fact given the rate of change in the threat landscape. This extensive period of activity indicates that AIG is familiar with the key risks posed today.
Standing as a prime example of this experience, the end-to-end approach taken to cyber insurance by AIG is not a new development. The organisation is also one of the earliest to have taken multi-dimensional attitude that data protection is not the be all and end all, and that there are other dangers to consider as well.
Providing a strong policy with a $10 million capacity for data and network breaches, Hiscox also touches on an area mentioned in the introduction specifically, instances of human failure in the form of employee negligence.
It is worth mentioning that not only does Hiscox provide business cyber insurance, but it also provides this insurance on a personal basis. This is also an area of increasing interest, particularly to high-profile individuals who may draw the attention of malicious threat actors. Some key areas in this cover include hacker damage, cyber theft, social engineering, cyber extortion and cyber media liability.
Among the business areas Hiscox claims to be well suited to include accountancy, law, technology, construction and telecoms. Hiscox also makes the valuable point that cybersecurity should be a top priority for all sizes of business, reinstating the fact that no one can guarantee definite safety from hackers – a prime reason for cyber insurance.
Global insurance broker and risk adviser, Marsh is driving forward a concept called Cyber Assurance, taking the approach of analysing how well a customer is managing the risk. This quantitative assessment uses statistical models that are then applied to the underwriting process.
Recognising a theme of organisations focussing entirely on avoiding breaches in general, Marsh takes the approach that businesses should look to transfer risk in the event of a successful attack, realising the impossibility of complete defensive control.
Like AIG, Marsh sets out to provide a holistic, end-to-end approach to cyber insurance, also realising the complexity of cyber risk. With this attitude the broker aims to suit enterprises in their entirety. The Marsh approach is one of personalisation, calculating the greatest cyber risks facing a particular target and building a policy accordingly, working with the varied and constantly morphing risks of the current threat landscape.
Lloyd’s of London
Lloyd’s makes it clear that technology, and cyber more specifically, has created an entirely new insurance frontier. Recognising how technology now permeates society, the giant of the insurance industry notes the high level of risk this brings with it.
The approach Lloyd’s takes has been formulated to look beyond the protection of finances by also providing a consultancy capacity. Lloyd’s states that the expert level support in this area can actually help customers work towards improving their security, rather than just working with what they have and cushioning the blows.
Leveraging its expansive reach, Lloyd’s boasts access to 77 expert cyber risk insurers from a single point. Harnessing this armada of support, Lloyd’s also looks to provide tailored cyber insurance policies to suit individual customers and their own specific risk landscape.
Willis Towers Watson
Another leading voice in the risk space, Willis Towers Watson also recognises the complexity of cyber threats. For example, the organisation looks at areas including the negligent transmission of a virus, an instance of human fallibility that cannot be erased entirely.
Privacy protection is a central focus area for this cyber insurance provider, supplying cover for reputational risk, a crucial area due to the increasing commonality and severity of data breaches. Factors like the forensic costs to contain a breach are also considered, as well as credit monitoring costs and PR expenses.
Another prime area is protection in the event of loss of digital assets and the non-physical interruption of business. This includes data loss, cyber extortion, cyber terrorism coverage and indemnification for loss of revenue.
Willis Towers Watson aims to add value for customers purchasing cyber insurance by providing access to specialist knowledge, ‘off the shelf’ solutions and extensive experience in handling these claims. Comparable to the Lloyd’s approach, WTW looks to provide a consultative approach to customers in a bid to bolster defensive and assist in the ongoing battle.