Cyber-crime is also an opportunity for insurers
The threat of cyber-crime, and the regulation designed to protect against it, have become a cost of business for insurers, along with everybody else. But it also represents a new type of risk for them to cover.
My previous three blog posts focused on the reality of cyber-crime, and how insurers could use big-data analytics to help protect themselves—like all financial services companies, they hold highly confidential client data that has to be safeguarded. But, at the same time, they also have a wider role to play in helping their clients mitigate their own cyber-risk. First of all, some additional facts – I quoted a few in the first post in this series. These are usefully collated from a range of studies in a recent report on Cyber risk trends by Novarica:
- Current cyber-risk is estimated at $1.3 billion, with the potential to grow to $2 billion by the end of 2014.
- 85 percent of executives cite cyber-attack as a top risk, with 69 percent seeing the associated reputational costs as far outweighing financial costs.
And yet, as the Novarica report points out, few insurers indemnify losses over $50 million—in part, it would seem, because the tools for assessing the effectiveness of clients’ security defenses are still immature (to say the least). At the same time, though, regulatory pressure is driving huge demand for insurance cover of cyber-related liabilities.
A recent article in Fuel Fix, an online magazine for the oil and gas industry, helps to quantify the risk. It reports that a hack of the systems belonging to the retailer Target has already cost $148 million to fix—and counting. It also cost the CEO his job. The article goes on to point out how much greater the risk is for companies like those in the oil and gas industry, whose operations threaten the environment and thus human life—operations that are controlled by computers and thus vulnerable to cyber-attack.
The same is true of many other industries—consider the consequences of a rail company having its control and signaling systems compromised, leading to massive accidents, or a malfunction on an energy grid that closes down plants and inconveniences millions.
At the moment, it seems like companies have to be content with cobbling together liability cover from several policies—no single policy currently exists and, as noted above, liability amounts are still way too low.
All of this means that there are two distinct opportunities for far-sighted insurers. One is the careful construction of comprehensive cyber-liability cover for business clients, a product that is informed by a clear understanding of the risks and the defenses put in place by the company. To achieve this, they will need to develop strong analysis techniques to match risk and defense.
The second opportunity is potentially even more interesting: a consulting service to help clients improve their cyber-defenses in order to manage their risks better. This type of enhanced role is one that individual consumers are starting to demand of their insurance companies (read the Accenture 2013 Consumer-Driven Innovation Survey: Playing to win to learn more), and I think this trend will become more evident in the business world, particularly when it comes to very complex issues like this. Everything points to a redefinition of the insurance value chain, and this is one of the factors that will drive this trend. It’s equivalent to the way in which health insurers are developing the means to help customers improve their health and so manage their medical risk.
None of this will be easy to pull off, of course, but already those insurers with a keen eye for the future are starting to move in that direction. I predict we will see more such developments over the near term.
To read my other posts on this topic, click here. To read more on how (and why) the insurance value chain is set to change, read some of the blogs by my colleagues: Jean-François Gasc’s Disruption: Challenge and opportunity for digital insurers, Mark Halverson’s Big Bang Disruption: An insurance perspective and Thomi Meyer’s Accenture Technology Vision 2014—Big is Back.