Swiss Re: Cyber-Insurance Industry Must Reform – Infosecurity Magazine

The insurance industry needs to standardize its data collection and policy language as well as hire more experts if it wants to ensure more companies benefit from coverage, Swiss Re has argued.

The insurer claimed in a new report, Cyber insurance: strengthening resilience for the digital transformation, that 90% of cyber-risk is currently uninsured.

“As cyber-attacks have increased, so has awareness of the risk – and with it, demand for cyber insurance is growing,” argued the firm’s chief economist, Jérôme Haegeli.

“However, due to the high degree of uncertainty regarding expected losses and the evolving nature of the risk, its insurability is limited. This in turn restrains market capacity.”

Among its suggestions for ways to overcome these challenges are improving data and modelling, and increasing contract consistency and clarity.

The report argued that, at present, future risks are usually predicted based on backward-looking data, which is sub-optimal amid a rapidly changing threat landscape and risk environment.

It said that introducing security standards to the mix would improve data breadth and transparency, driving more meaningful risk insight and accurate pricing/modelling.

Swiss Re also called for insurers to invest more in cyber talent to strengthen key actuarial and technical skills, which they need to support underwriting and claims management.

Also symptomatic of the immaturity of the industry is a lack of standardization around exclusion clauses and T&Cs, the report claimed.

As a result, there’s still confusion over attribution of cyber-incidents and responsibilities in the event of a serious event, it said.

Clarifying these in contracts and providing greater consistency across the industry will ultimately help to drive increased capacity, the insurance giant claimed.

The report warned of a “systemic fallout” from a serious cyber-related disruption to critical infrastructure, which could “overwhelm” the industry if such changes aren’t enacted.

It also suggested a public-private partnership (PPP) scheme where risk is split between government and insurers as one way to potentially fill the protection gap. Another option would be to tap the market for insurance-linked securities, it added.

“The cyber-insurance market has tremendous growth potential. However, the market needs to mature further to ensure enough insurance protection is available,” argued Swiss Re’s head of cyber re-insurance, John Coletti.

“Our industry has a key role to play by addressing three issues: improving data and modelling, increasing contract consistency and clarity and identifying new sources of capital.”