Cyber Risk and Data Security Top of Mind at Insurance and Risk Linked Securities Conference
The cyber insurance market is growing significantly; it's more than doubled in the past two years growing from $1 billion in 2013 to $2.5 billion 2015.
1 April 2016
Not surprisingly, the cyber insurance market is growing significantly; it's more than doubled in the past two years growing from $1 billion in 2013 to $2.5 billion 2015. This trend is likely to continue according to Allianz Global Corporate & Specialty’s "A Guide to Cyber Risk" report, “the cyber insurance market is expected to grow by double-digit figures year-on-year and could reach $20bn+ in the next 10 years.”
The Evolution of Cyber Threats
The top concerns related to a cyber attack according to a 2015 NYSE survey, include:
- Brand damage due to customer loss
- Costs of responding to an attack
- Loss of competitive advantage due to espionage
- Regulatory and compliance violation
So the real question becomes what can we do to mitigate these risks? There might not be one right answer, but looking at how these threats have evolved overtime might give us some perspective. First, there was personal ID theft through phishing and social engineering. Then, more comprehensive distributed denial-of-service (DDoS) attacks and outright destructive tactics like seen in the Sony hack.
Is data integrity the next frontier?
How can you make sure data has not been manipulated during an attack? For corporates and government institutions that hold personally identifiable information, this is especially important. At Intralinks we have thought about this extensively and built tools in our technology platform to help users keep control over their data. Our Information Rights Management capabilities let authorized users control documents from being edited, shared or even printed in certain geographies.
We are moving to a state where cyber threats are multidimensional, complicated, and highly sophisticated. The cybersecurity landscape continues to evolve as we grow even more interconnected — now it has become an enterprise-wide risk management focus. Maturity levels vary by industry, with the financial sector ahead of its peers. Undoubtedly, cyber threats will become a bigger issue as we continue to see real balance sheet consequences.
Managing Cyber Risk
As a corporate, some challenges come with managing cyber risk:
- Data protection legislation and the general regulatory environment will become more stringent including the fines that come from breaches
- There is little standardization in the market and the coverage is varied
- Companies might not know their exposure, making it hard to manage policies
In the face of these challenges, service and advisory components are becoming more popular as corporates seek advice on what portion of their mitigation spend should be put towards insurance. Currently more money is being spent on security measures (like firewalls), rather than on insurance premiums, but this is likely to change, according to panelists.
Cyber Risk and Bonds
The breakout session concluded with a discussion around cyber threats and the ILRS market. Panelists agreed that the cyber insurance market could be a great place for traditional catastrophe bond investors to gain diversification as risk models get updated. In the future, there could be a catastrophe bond (cat bond) for cyber risk when there is more of a history of predictability and stability for fine tuning risk models.
Knowing or being able to guess the probability of an attack is necessary for investors to get comfortable with assuming the risk. Will cyber risk grow and evolve into the capital markets? Possibly, but the human nature of cyber crime makes it harder to model. As the leading provider of Virtual Data Rooms for IRLS deals, we will be here to help facilitate the process when the market is ready for a cyber risk cat bond. Putting preventive security measures, processes, education, and tools in place can help organizations reduce their cyber risk.