Cyber risks pose a financial threat for insurers, even those that do not offer cyber insurance. Products must be adjusted accordingly, GlobalData says in its most recent report.

“The growth of cyber insurance is widely regarded as good news for the insurance industry. However, even insurers not offering cyber cover could find themselves being impacted financially by having to cover the cost of cyber-related claims due to ambiguous policy wording,” the data and analytics firm explains.

GlobalData says that insurance providers may have to cover the cost of cyber claims on traditional policies such as business interruption.

Businesses also worried

A survey done by Zurich found that 82% of managers surveyed think cyber risks have become a major source of concern for their organization. Furthermore, 95% of them expect that upcoming disruptions of business operations in their firms will be covered by their cyber insurance policies.

The survey also showed that an increase in headlines about ransomware attacks in the last 12 to 18 months is heightening firms’ awareness of the risk of business interruption.

More attacks than insured companies

GlobalData adds that in the United Kingdom, more SMEs have detected a cyberattack than have purchased cyber insurance.

“The considerable growth in the uptake of cyber insurance is being driven by a combination of factors. Firms’ increased awareness about their exposure to cyber risks is playing a key role. However, this awareness is not restricted to cyber insurance policyholders. The percentage of SMEs that detected cyber breaches or attacks was greater than the percentage with cyber insurance in place across 2016–18. For example, in 2018, 40% of micro businesses detected a cyber-breach yet only 14% had cyber insurance in place,” explains Daniel Pearce, Senior GlobalData insurance analyst for GlobalData.

Clarifying matters

Pearce urges insurers to clearly spell out what they cover regarding this type of risk. He gave the example of AIG that, starting in 2020, will ensure that its insurance policies clearly define what cyber risks are covered or not, for individuals and businesses alike.

“Clearly, steps such as this, which clearly outline what cyber risks are insured, will benefit insurance providers, enabling them to exert greater influence over their exposure. Moves such as AIG’s transition towards affirmative cyber insurance will help ensure policyholders have a clear understanding of which cyber perils are covered through a commercial insurance policy that is not cyber-specific. This, in turn, will help businesses owners more easily identify the benefits offered by a specialist cyber insurance product,” he says.

“The cyber insurance marketplace is expanding and maturing to meet the increasing demands of corporations concerned about the ever-evolving cyber risks. Businesses are not only buying more coverage, they are asking for innovative and robust solutions that address menacing new threats,” says Paul Horgan, head of U.S. Commercial Insurance at Zurich.