Other parts of this series:
Cyber insurance is a new risk that has emerged as a result of technological and other innovation. Three steps can help commercial carriers better tap into the cyber insurance opportunity.
To date, many high-profile cases of cyber crime have involved stolen data, such as personal data, health information and financial details. But carriers shouldn’t focus their cyber security sights on data compromise, because the future of cyber crime isn’t stolen data; it’s business compromise.
And here is why: eventually, all the data will have been stolen. At that point, the value of the breached data decreases dramatically, especially as organizations put in more controls to limit its use. For example, banks are putting in more stringent controls in response to fraudulent credit cards.
As the value of stolen data decreases, we’ll probably see a shift in the type of crime. This requires organizations to think of how their business could be compromised to make money in a criminal way. Maybe that’s by intercepting automatic monthly bill payments, or finding a way to issue fraudulent gift cards. The thing is, most business are not set up to think about these things in this way.
Three steps for insurers considering cyber insurance offerings
For carriers, cyber insurance is equal parts opportunity and challenge. It’s an opportunity to flex the muscles needed to compete effectively in this as well as other lines of business: addressing customer needs with innovative products, partnering with other organizations to improve outcomes and moving beyond risk coverage to risk mitigation. But it is challenging to do well—and profitably—especially when underwriting is driven by competition, not data-driven risk assessment.
Here are three steps carriers can take to improve their cyber insurance capabilities:
- Stop trying to retrofit existing products for cyber. Cyber comes with unique considerations and requires insurers to build an offering that addresses them. A common approach is to retrofit existing products or base services on terrorism coverage, which was very popular after 9/11. However, carriers that do not acknowledge and account for the unique nature of cyber crime hamper their ability to accurately assess and price cyber risk.
- Work with customers to shore up lines of defense and controls at different levels. As mentioned earlier in this series, breaches are inevitable. That means insurers and customers need to tighten up controls and defenses at multiple levels. Partnerships with security firms can provide more access to information that can help insurers better assess and price risk, and ongoing testing is important. And as I mentioned last week, the only way outsiders can really vouch for security is by testing it, and most insurers aren’t testing their customers’ defenses.
- Get back to risk-based pricing. “Loose” underwriting will inevitably catch up with carriers, and a hardening market will require carriers to take a closer look at their cyber underwriting practices. In the short term, carriers can mitigate exposure by shifting to cyber as a standalone product, and by standardizing and tightening up vague policy language.
To discuss how Accenture can help your organization prepare for the future of insurance—including cyber insurance—please get in touch.