Many commercial lines insurance companies have begun selling policies to protect against damage from cyber-attacks, ranging from mischievous hacking to large scale theft. As my colleagues Cindy De Armond and John Mulhall noted in a recent Accenture Point of View, cyber policies – which protect against rapidly evolving threats – reflect insurers’ ability to identify a clear need, develop the right product and bring that product to market quickly. With growth in cyber insurance estimated at 30 percent per year, insurers with that ability have access to a source of profitable growth.
There is, however, another side to cyber insurance, what might be called the “morning after.” A cyber insurance policy can compensate a company for losses suffered through cyber-attacks, whether those losses come from compromises to data privacy, from damage to systems and hardware or even for losses suffered by customers if cyber criminals are able to gain access to their financial accounts.
What cyber insurance policies do not typically do – at least at present – is protect victimized companies from damage to their reputations, their brand and market values, and their customer relationships. Some insurers, however, are exploring ways to close this gap. AIG, for example, offers corporate clients access to a panel of public relations experts, and its coverage includes the cost of mail, advertising and other communications costs recommended by panel experts.
Major data breaches are now “adverse events” in the same category as natural disasters, financial wrongdoing, product recalls and other catastrophes that sometimes befall corporations. We can expect to see more insurers looking at ways to help corporate clients, not only with preventing and mitigating cyber damage, but with repairing the brand and reputational damage that follows such an event.
Download Smarter, Faster Product Innovation