Japan has seen a sharp increase in the number of policyholders - mainly companies - taking out cyber insurance.
The number of cyber insurance policies in the fiscal year April 2016 to March 2017 (FY16) rose from the previous period. Mitsui Sumitomo Insurance said it increased by 250%; Tokio Marine & Nichido Fire Insurance said it roughly tripled; and AIU Insurance said it increased by 50%. Sompo Japan Nipponkoa Insurance said that premiums increased by 350%, reported The Yomiuri Shimbun without citing absolute amounts.
Behind the increase in the number of cyber insurance policies is the recognition by businesses that sizeable losses can arise from information theft that can hamper operations.
According to research by the Japan Network Security Association, a nonprofit organisation, there were 468 cases of information theft via cyber attacks and other means last year. Although the figure fell by 320 from the previous year, the number of victims who had personal information stolen jumped by 10.15 million to about 15.1 million during the same period. Among the top 10 cases in which personal information was stolen in bulk, eight were caused by cyber attacks.
The compensation paid by the affected companies is estimated to be nearly JPY300 billion (US$2.7 billion). The average amount per case also doubled from the previous year to about JPY674 million.
According to the National Police Agency, the number of cases of targeted attacks using emails, which contained viruses and were sent to companies, increased for three consecutive years. The number of those cases totalled 4,046 in 2016, up by 218 from the previous year, marking the highest number since 2012.
Cyber insurance mainly covers risks related to cyber-attacks. The risks include costs of compensation for damage from information theft, costs of research on possible damage, and losses from the suspension of sales activities or assembly lines. Some cyber insurance policies also cover the cost of examinations conducted when it is feared that companies might have come under a cyber attack, and subsequent advertising to apologise for effects of an attack.
In Japan, the first cyber insurance services were marketed in 2013.