Cyber insurance business has run into roadblocks that impedes its growth. These hurdles include lack of actuarial data on cyber attacks, murky disclosures by victim companies and the incredible speed at which a breach can spread globally.
Projections by various insurers and brokers indicate that the cybersecurity insurance market is growing at anywhere between 50-100% annually, reports ET Tech. Yet, actuarial data are scarce in cyber insurance as this is a new line of business.
Mr Sushant Sarin, EVP of Commercial Lines & Reinsurance at Tata AIG General Insurance, said, “While insurers are confident about how cyber risk affects different businesses, they currently face a challenge of lack of actuarial data in this new space. Hence, insurance companies rely on qualitative underwriting assessments to evaluate the risk exposures of each client and their security posture.”
Cyber attacks not only cause financial losses to companies that are hurt by shutdowns or a slowdown in operations but also opens them up to the risk of irreparable reputational damage, regulatory fines as well as legal liabilities in case of a customer data breach. In cyber extortion cases, it is even tougher to quantify the adequacy and requirement of cover.
Mr Sasikumar Adidamu, chief technical officer at Bajaj Allianz General Insurance, said, “In privacy and data breaches, the losses could be financially devastating and with increasingly stringent guidelines and laws imposing stricter than ever penalties, it is not easy to quantify the potential losses.”
He added that due to the increasing use of cloud computing services and platforms, the cyber attacks may lead to breaches on a multitude of connected devices.
Mr Sanjay Datta, chief underwriting, claims and reinsurance at ICICI Lombard, said, “There is a reason for concern. The risk is new and the effects are global. Cyber risk can affect different entities of one company across the globe or different companies at one go. Underwriting cyber insurance is a challenge because there aren't too many models for risk assessment.”
The proportion of Indian firms with cybersecurity insurance is 82%, according to a survey commissioned by financial data and analytics provider FICO. However, only around half have comprehensive coverage, showing there is still a level of risk taken by businesses in India.