Top 5 Reasons You Should Have Cyber Insurance

The average hack cost businesses £857,000 in 2017, according to PwC’s Global State of Information Security Survey 2018.

It is clear that the problem of cyber security is not going away.

And with our recent report showing the extent of sensitive personal and commercial data leaking online, preparation is vital.

Cyber insurance may seem to some like shutting the stable door after the horse has bolted, but here are five good reasons it is crucial.

The risk of getting hacked is rising. Credit: Kaur Kristjan, via Unsplash.

1 – It Can Cover Financial Losses

“A good cyber insurance policy should address business losses from the many impacts of a cyber breach, including data loss, business interruption and reputational damage,” Luke Brown, VP EMEA at WinMagic told Computer Business Review.  He added: “[However] organisations should be working to minimise both the chances of a breach and the impact should a breach occur.”

It’s a point echoed by Andrew Lloyd, President at Corero Network Security, who told Computer Business Review: “Just like buying fire insurance is not an alternative to investing in smoke alarms or fire extinguishers, cyber insurance should not be an alternative to having adequate, proactive cyber defences. From our perspective, cyber insurance is very much a complementary, secondary investment if all else fails.”

2 – It Can Support Cyber Risk Awareness

With a significant number of businesses lacking cyber security awareness, cyber insurance is a perfect foundation for building up these missing skills – not least if companies know that poor practice will invalidate their insurance.

“[Cyber] insurance will push organisations to have baseline security controls in place,” Javvad Malik, security advocate at AlienVault told Computer Business Review.

He added: “This would include fundamental security practices such as understanding what critical assets are, enforcing strong passwords, two-factor authentication, encryption, as well as having threat detection and response controls in place. What is needed is an end-to-end data protection platform that works across all infrastructures.  More importantly it must also encrypt the data, and ensures it stays encrypted until it’s needed.  If a cyber-criminal does manage to get encrypted data but not the key used to encrypt it, the data is useless.”

3 – It’s not just for the Blue Chips

Cyber insurance is seen by some as a luxury for major players. Yet almost half (48 percent) of SMEs were hit by cyberattacks last year.

“In addition to adequate protection, cyber insurance has become a compelling solution that can allow small businesses to help defend against these threats. Organisations could be eligible for the reimbursement of costs related to a data breach, loss of income due to a targeted hacking attack, damage repair to systems, or ransom requests,” Nick Shaw, EMEA VP and GM at Norton, Symantec told Computer Business Review.

4 – Did Someone Say GDPR?

As GDPR fast approaches, organisations must be much more vigilant around data protection as the financial implications could prove hefty.

“There is a clear and greatly accelerated increase in requirements around data governance – the upcoming GDPR is a prime example. Companies must deploy strong protection and detection capabilities and be able to prove they did what they could to protect themselves and their systems and their customer’s/employees’/patients’ data,” Luke Brown, VP EMEA at WinMagic, told Computer Business Review.

“The impact of a cyber-attack to an organisation’s brand, reputation, and business operations can be irreparable. It’s therefore important to plan ahead and have a plan should the worst arrive. Proactive protection steps are key for SMEs who can be considered softer or easier targets of cyber attackers,” Shaw added.

(See also: GDPR: The Clock’s Ticking, Confusion Reigns; We’re Here to Help)

5 – Yes, there are still problems…

Looking ahead, Adrian Moir, Senior Consultant, Product Management at Quest noted that there remain challenges for the industry.

“The industry chatter on the need for cyber insurance is taking off, and in six months-time, I believe we’ll either see cyber insurance take off like wildfire or completely fall flat given the difficulty in quantifying a breach’s impact. Companies will have to employ tried and true breach mitigation strategies like monitoring entire cyber environments and patching security flaws in addition to educating users,” he emphasised.

It is an outlook that is increasingly seeing insurance and cyber security companies work closely together, however.

January’s agreement between Apple, Cisco, Aon and Allianz was a case in point. This comprised a new cyber risk management solution that spanned cyber resilience evaluation services from Aon, secure technology from Cisco and Apple, and options for enhanced cyber insurance coverage from Allianz. Those signing up potentially qualify for lower, or even no, deductibles in certain cases.

Computer Business Review expects to see many more such agreements.

Just make sure to read the small print.

Global trends are shaping a new insurance industry

It’s a turbulent time for the insurance industry – and indeed, many others, too – as the world around it changes rapidly.

Last week, we told you that the global insurance sector is being forced into a ‘profitability revolution’ as large-scale trends such a technological innovation, complex regulation, and challenging operating ratios take their toll on business.

Search and compare insurance product listings for Financial Institutions from specialty market providers here

Now, Fitch Ratings has revealed that the outlook for the London insurance market remains negative in 2018, which it says reflects the expectation that underwriting results “will continue to be pressured by the high cost of doing business, due to high acquisition and administration costs.”

While the less-than-appealing forecast for the London market is underpinned by underwriting losses in 2017 as a result of insurers’ exposure to major catastrophe events, there are a range of macro factors at play that are making the insurance business a tough one to be in right now – or at the very least, a demanding one.

Technology and its effect on the consumer mindset is at the forefront of many insurance companies’ minds today, according to CGI’s ‘Have you Joined the Profitability Revolution?’ report.

“Disrupters from outside of the insurance industry, perhaps most noticeably Amazon’s recent foray into insurance, have had a catalysing effect within the industry by increasing expectations from customers, suppliers and partners alike,” Adam M Savill, director of insurance at CGI, told Insurance Business.

“The huge change in people’s experience of digital servicing in fast moving consumer goods has led to a justifiable rise in expectations in insurance,” he continued.

The rise of the smartphone has been a key disruptor in changing the dynamics of the industry, “in terms of channels to market, pricing and promotion,” Savill said.

“Customers under the age of 30 expect to use their mobile devices for all commercial and personal interactions, and consider letters and shops to be from an analogue age. It’s imperative that insurers provide the optimal digital customer experience (CX) if they are to remain engaged and relevant with their customer.

And while the potential for technology to revolutionise many of the core processes within insurance is much-talked about, there can be a focus on the wrong things, according to Savill.

“The trend that probably receives most publicity is the introduction of disruptive technologies such as blockchain, digitisation, robotics and artificial intelligence. These innovations have not always been developed to meet a specific customer need, and the best commercial uses for blockchain – apart from Bitcoin – have yet to be fully exploited,” he explained.

“However, digitisation, robotics and AI have all been targeted at driving downs costs by automating existing processes to deliver them more effectively, rather than developing new business models.”

Alongside all that change, is the constant pressure to keep up with changing regulation – and the added Brexit bombshell.

“No discussion of trends is complete without a reference to the ongoing, costly challenges of meeting and optimising regulatory compliance,” Savill said.

“This has become more time-consuming and complex as new regulation covering disclosures, fraud, the General Data Protection Regulation (GDPR) and Insurance Distribution Directive (IDD) come into force. 

“The ability to retain passport rights to freely underwrite policies and insure across the European borders will be under scrutiny as UK insurers struggle to remain compliant with Solvency II, and the implications of Brexit on the regulatory environment are still unclear.”

What is insurance underwriting and how does it affect me?

JOHANNESBURG - When it comes to insurance, the pricing of your monthly premium may seem a bit mysterious. Why, for instance, is your premium different from your friend’s? The answer lies in insurance underwriting.

Long-term insurance premiums are calculated through an underlying methodology called underwriting. The underwriters use a wealth of data and predictive models to categorise clients into risk-rating groups according to their likelihood to claim. You can fall into a low-, average- or high-risk category, which will determine the premium you will pay.

Dr Marion Morkel, the chief medical officer at Sanlam, says being an underwriter is like being a tightrope walker. “Essentially, underwriters predict the likelihood and extent of a claims pay-out over a policy’s lifetime. This means constantly balancing potential losses for an insurance company with affordable prices for clients.”

While there are some factors you can control – such as your diet, smoking and drinking habits, and even your hobbies – there are others you cannot. It’s up to the underwriter to determine the probability of an event occurring to each individual client and the magnitude of the resulting loss.

Dr Morkel answers some of the most frequently asked questions about underwriting from the perspective of life and medical insurance:

What factors determine the client’s risk? 

From a life and medical insurance standpoint, we usually look at both your biosocial data and your medical data. The factors considered include:

 

  • Age. The younger you are, the better the risk generally, as you are considered healthier and less likely to die.
  • Gender. This depends on the benefit type, because one gender may outperform another. For example, claims statistics prove that more young men than young women are involved in motor vehicle accidents.
  • Whether or not you smoke.
  • History of chronic disorders or significant medical events.

 

Insurers compare the data of your individual case against the data from decades of claims experience and clinically based medicine, to predict your risk compared with the normal population.

How can I build a positive risk profile to pay lower premiums? 

This depends on the type of insurance for which you are applying. Evidence of a healthy lifestyle is always a good risk indicator. Insurers look at factors such as Body Mass Index and cholesterol levels. However, some people have chronic disorders that may affect their risk indicators. They may be under the impression that disclosing such a disorder will create an adverse risk rating. On the contrary, having evidence of a well-controlled disease is a powerful factor for improving your risk profile. Evidence would be supported by regular visits to your general practitioner, and compliance with treatment and lifestyle programmes.

What happens if I accidentally omit information about my family health history? 

It is generally accepted that not everyone will be aware of all the illnesses that have affected their family members. However, it is reasonable to expect you to be aware of significant medical disorders that impacted the longevity of family members in the past, or diseases that may be genetically linked. Not disclosing this becomes problematic when you want to claim.

The insurer will have to consider whether its initial underwriting decision would have differed had you disclosed these key facts in the first place. The outcome of this risk reassessment is based purely on the new information, and it is not punitive. There is no “stricter” or added risk rating for not declaring the history previously and therefore the outcomes could be any of the following:

 

  • No change in your risk rating;
  • An increased risk rating or exclusions could be added; or
  • The insurer can decline to give you cover.

 

Dr Morkel provides some advice for building a better risk profile:

 

  • The better your medical record, the lower your insurance risk.
  • Location counts – the region in which you live directly affects your premiums, in terms of your likelihood to experience crime or flooding, for example.
  • The best policy is always honesty – hiding information upfront can cost you when it’s time to claim.

ALSO READ: Steinhoff: who are the real losers?