As business practices continue to be absorbed into the virtual sphere, a whole new vista of potential threats is opening up, and consequently the need for cyber insurance coverage rises exponentially.
Figures from data and analytics company GlobalData suggest that cyber insurance penetration increased by 14 per cent among small and medium-sized enterprises (SMEs) in the UK in 2018, a positive sign, but the company firmly believes that the market is ripe for significant global expansion over the next few years.
GlobalData’s new report, Thematic Research: Cyber Insurance, suggests that the US cyber insurance market, which is a good deal more developed than its European equivalent – at least in terms of overall size – should be held up as an indicator of how successful the market in Europe could be, given the right conditions.
One red flag for the industry should be that while cyber risk is evolving dangerously fast, with bad actors seemingly coming up with new and creative ways to disrupt businesses every other day, cyber insurance products are still in their infancy. Understandably, those developing these products have mostly concentrated on bigger corporates, but the SME market should not be left behind, and GlobalData believes that these smaller entities will become more of a focus over the coming years.
The firm strongly believes that partnerships between insurers, who are facing severe disruption at all points in the value chain due to rising cyber risk, and figures outside of insurance – such as providers of cyber security products – will be absolutely essential to navigating this new landscape and making sure that policyholders get the protection that they require.
“The main area in which partnerships will prove essential is in the claims environment,” said Daniel Pearce, Insurance Analyst at GlobalData. “Failure to effectively manage the fallout following a cyber incident can result in the associated costs spiralling. Partnerships with cyber security experts will reduce the possibility of mismanagement, reducing the costs for both the affected business and the insurer.”
Those concerned that the cybervillains may be winning the cyberwar can take some comfort from political developments this week, as the European Parliament voted to adopt the new EU Cybersecurity Act, the first EU-spanning certification scheme for cybersecurity. It will mandate that all certified products and services sold in countries within the EU will have to meet a certain standard of cybersecurity, enhancing the security of connected products and devices such as IoT-enabled technology. Security features will henceforth be baked into the underlying design of products, a far more effective strategy than adding them after the fact.
The act will also help to increase countries’ capability for tackling cyber threats, support enhanced preparedness and capacity building, and promote better awareness of cyber risk for businesses, citizens, member states and EU institutions.