Why cyber insurance will become compulsory for businesses (Part 1)

Despite being around for many years, cyber security insurance remains a niche industry segment. But the COVID-19 pandemic has changed the nature of the game. Increased vulnerability resulting from remote working arrangements, as well as an uptick in cyber-attacks during this period, has caused more businesses to request standalone cyber insurance protection. 


With cyber-attacks on the rise, is your business ready? Roger Ying, CEO, PolicyDock explains why you should be.


What's changed in cyber risk insurance?


Cyber insurance used to be part of a package commercial insurance deal, it was more of an add on previously, mainly because I think insurance didn't believe that policyholders would claim. Now that cyber risks are going up, it has become an important issue not only for large multinationals, but also for smaller to medium sized businesses. For example, I have a friend who had paid to pay a ransom by bitcoin so that they could get gain access back into the Enterprise Resource Planning (ERP) system. This proves that no business is too small to be compromised by hackers.


This market was estimated to grow 24% CAGR compound annual growth rate but the report was done before COVID-19. Now that all businesses are moving more towards a work-from-home type of model, there has been an increased cyber risk - hacking - so this has become more top of mind for most businesses. We believe the market is poised to grow to $25 billion by 2025. We think that this estimate has not accounted for the price increase adjustments of between 10-30% across the board by insurers now. We think this market will grow a lot bigger and faster because of COVID.


What does cyber insurance cover businesses for?


It could be a kind of cyber liability like reputational damage, it could also be seen as data breaches and data recovery costs, cyber extortion losses or when a hacker does a denial of service attack that results in business interruption. 


So it's actually really important for people to know what their company’s main exposures to cyber risk are. Someone like Facebook versus an e-commerce store versus a construction company will have very different cyber footprints. Clearly, you are exposed to different risks.


Do you think businesses are doing enough to secure themselves against cyber risks that affect their third-party vendors?


Businesses in the US are starting to ask their business partners to prove that they are adequately protected and insured against cyber risks because they could be indirectly compromised if a breach happens, even getting access as simple as through accounting software. On top of that, regulators are starting to pay attention so these are just some of the cyber insurance market trends.


But generally speaking, businesses are probably not as secure as they can be.


For more information, please contact PolicyDock here.


Related content: