A significant gap in cyber coverage continues to pose a danger to companies in Asia, even as the frequency and intensity of cyber-attacks grow. But with companies often uninsurable due to a lack of preparedness, a shortage of products to fit different scenarios and premiums that are getting more expensive, the gap is unlikely to be closed any time soon.
For insurers, this presents an opportunity to not only develop new products but also expand their customer bases by tapping different types of companies, like small and medium enterprises (SMEs) or even individuals.
Speaking during the first day of the Insurtech Insights Asia 2023 conference Wednesday, a range of insurance industry experts said enterprises need to ramp up investments in both cybersecurity and cyber insurance to deal with the increasing cyber-attacks. But even companies that are willing to buy companies may find unexpected hurdles, in that cyber-insurance is not always available or accessible to them.
“It is fair to say that there is what we call a cyber insurance gap globally and in APAC,” Jeremy Pizzala, Cybersecurity FOP Leader, Asia Pacific at EY.
Unfortunately, there is not enough cyber insurance to go around to cover all those who need it, Pizzala said. Not everyone can afford the premiums and the insurers are adjusting the cost of premiums upwards due to the increasing risks and growing number of claims.
Damage from cybercrime is expected to cost over US$10 trillion by 2025, creating a US$2 trillion market opportunity for cybersecurity and service providers, according to a recent McKinsey report.
“There is a huge gap there, between the actual threat of cyber-crime and the actual cyber resilience that we see amongst all of our clients,” said Alexandra Wrobel, Head of Cyber, Commercial Insurance, Asia at Zurich Insurance.
Wrobel noted that there is increased demand for cyber insurance and all of their offerings caused by cybercrime activity and ransomware.
Pizzala suggested that enterprises need to make sure that they adopt basic cyber hygiene practices and put controls in place because underwriters and brokers will be looking for those to pay out on claims or secure coverage.
“What we are finding is that those key enterprises successful in being underwritten by insurers are those enterprises that have been diligent at building their own cyber defences,” Pizzala added.
Wrobel noted that Zurich Insurance often receives applications from customers who are just not insurable. The company’s experiences are informative for other insurance providers looking to access this particular market or expand their offerings.
When asked how a company can access cybersecurity insurance, Wrobel highlighted two factors, namely governance and the human element.
“The governance is to make sure you have an incident response plan and business continuity plan in place. So, in the event of a cyber breach, you have it available,” Wrobel explains.
In terms of human elements, a Stanford study indicated that 88% of cyber breaches start with a human error so employee awareness training is of utmost importance.
For enterprises, cybersecurity investments and cyber insurance go hand in hand.
“The more you spent on cybersecurity should reduce your cyber insurance premiums,” Wrobel said.
New customers, new markets
Beyond the market for cyber insurance products for corporates, there are opportunities arising from the specific needs of SMEs and individuals for coverage, said Cinde Law, VP, Asia Affinity Customer Experience and Digital Leader at Marsh, a global brokerage.
During and after COVID-19, the number of cyber threats and types of hacks increased alongside the reliance on digital channels for day-to-day activities, jobs and international business.
“So I see huge opportunities. For example, brokers like Marsh and other broker firms can work with insurance companies to design customised cyber protection packages that are specific to customer segments. Insurers can work with tech firms to distribute cyber protection through technology, as well as work with the private sector to understand common needs and different features,” said Law.
Looking ahead, Law believes one trend is how brokers can work together with insurance companies in the private sector to understand the risk profile of specific groups and SMEs to design customized coverage and how to best distribute products.
“These are some of the things that I think, as a broker firm, will increasingly play an important part,” said Law.