The recent disclosure of a major data breach at retailer Home Depot has once again put the spotlight on the increasing vulnerability of businesses to cyber threats and the need for cyber insurance.
But companies are uncertain of how much insurance coverage to acquire and whether their current policies provide them with protection, according to a new report by Guy Carpenter.
It speculates that one of the roots of the uncertainty stems from the difficulty in quantifying potential losses because of the dearth of historical data for actuaries and underwriters to model cyber-related losses.
Furthermore, traditional general liability policies do not always cover cyber risk, Guy Carpenter says.
It notes that in the United States, ISO’s revisions to its general liability policy form consist primarily of a mandatory exclusion of coverage for personal and advertising injury claims arising from the access or disclosure of confidential information.
Though still in its infancy the cyber insurance market potential is vast, Guy Carpenter reports. It cites Marsh statistics estimating that the U.S. cyber insurance market was worth $1 billion in gross written premiums in 2013 and could reach as much as $2 billion this year.
The European market is currently a fraction of that, at approximately $150 million, but could reach as high as EUR900 million by 2018, according to some estimates.
Guy Carpenter also warns that cyber attacks are now top of mind for governments, utilities, individuals, medical and academic institutions and companies of all sizes, noting:
Cyber attacks also present a set of aggregations/accumulations of risk that spread beyond the corporation to affiliates, counterparties and supply chains, it adds.
Check out the I.I.I. paper on this topic: Cyber Threats: The Growing Risk.