{"id":10042,"date":"2020-10-05T11:55:17","date_gmt":"2020-10-05T11:55:17","guid":{"rendered":"https:\/\/www.experfy.com\/blog\/?p=10042"},"modified":"2023-10-25T09:53:06","modified_gmt":"2023-10-25T09:53:06","slug":"cyber-insurance-changing-dynamics-maturing-market","status":"publish","type":"post","link":"https:\/\/www.experfy.com\/blog\/bigdata-cloud\/cyber-insurance-changing-dynamics-maturing-market\/","title":{"rendered":"Cyber Insurance: Changing Dynamics in a Maturing Market"},"content":{"rendered":"\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

Skills and data are building up, leading to less favourable conditions for negligent buyers<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\n

Our recent\u00a0review<\/a>\u00a0of the Cyber Insurance market place, in collaboration with\u00a0Cyber Solace<\/a>, highlights a number of key elements.<\/p>\n\n\n\n

The market has changed considerably since our first analysis in\u00a02016<\/a>, driven by non-stop cyber-attacks affecting all firms \u2013 large and small \u2013 and in particular by the spectacular rise in ransomware-related incidents, from Wannacry and NotPetya in 2017 to more recent Maze and Sodinokibi outbreaks.<\/p>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\n\n

The introduction of tighter privacy regulations such as GDPR in 2018 or CCPA has also contributed to the development of risk awareness amongst buyers, around sub-standard cyber security<\/a> practices where personal data is concerned.<\/p>\n\n\n\n

Generally, most actors across the cyber insurance sector have built up skills over the past few years \u2013 something which was clearly deficient back in 2016. Data \u2013 which was clearly lacking back in 2016 \u2013 is also starting to accumulate in meaningful ways, as the\u00a0Cyentia Institute<\/a>\u00a0and\u00a0Advisen<\/a>\u00a0have comprehensively highlighted in their last\u00a0Information Risk Insight Study<\/a>.<\/p>\n\n\n\n

The market has changed considerably since our first analysis in\u00a02016<\/a>, driven by non-stop cyber-attacks affecting all firms \u2013 large and small \u2013 and in particular by the spectacular rise in ransomware-related incidents, from Wannacry and NotPetya in 2017 to more recent Maze and Sodinokibi outbreaks.<\/p>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\n

This is allowing new dynamics to emerge between buyers, brokers, agents and insurers.<\/p>\n\n\n\n

\n

A market less and less favourable to negligent buyers<\/strong><\/p>\n<\/blockquote>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\n

Many buyers \u2013 in particular amongst small firms \u2013 are still looking at cyber insurance as some form of \u201csilver bullet\u201d: A way of transferring cyber risk in full without having to change existing practices.<\/p>\n\n\n\n

The market is becoming less and less favourable to those negligent buyers.<\/p>\n\n\n\n

In the past, insurers might have paid back some of their claims by fear of killing the market. They are less and less driven to do so: As skills increase and data-driven models give deeper insights, buyers have to expect to be more and more challenged around their cyber robustness.<\/p>\n\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\n

Cyber insurance, as we were\u00a0foreseeing<\/a>\u00a0to some extent as far back as 2015, could be in the process of becoming an incentive mechanism driving adherence to security good practices in order to ensure pay-backs by insurers, in the face of cyber-attacks which have now become plainly a matter of\u00a0\u201cwhen\u201d, not \u201cif\u201d<\/a>.<\/p>\n\n\n\n

\n

The threat of \u201csilent cyber\u201d<\/strong><\/p>\n<\/blockquote>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\n

However, over the past few years, driven by the skills imbalance within the market which we highlighted back in 2016, a number of legacy practices have created a potential storm around the cyber insurance market at large, which the current COVID-19 crisis can only aggravate.<\/p>\n\n\n\n

Cyber insurance was rarely sold as a standalone policy. Many cyber insurance policies have been effectively \u201cburied\u201d within other policies, and their diversity in terms of language, coverage or exclusions remains staggering.<\/p>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\n

This \u201csilent cyber\u201d problem is turning into a nightmare for many insurers and re-insurers who are finding it increasingly impossible to estimate accurately the amount of cyber risk they actually carry, once again in the face of non-stop cyber-attacks, and now with the COVID-19 crisis aggravating the situation and also punching a multi-billion hole in their pockets through business interruptions payments.<\/p>\n\n\n\n

The extent of this could be very significant and may end up creating a systemic risk event, over which the financial regulators would have to intervene.<\/p>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\n

Overall, even if it continues to be shaken by regulatory challenges or court cases (many high profile\u00a0lawsuits<\/a>\u00a0are still unresolved), the cyber insurance market is emerging out of immaturity, insurers are effectively paying back, and cyber insurance is becoming a strong measure for CFOs and CEOs to consider in their arsenal of protective measures against cyber threats, as long as they remain otherwise committed to adherence to cyber security good practices.<\/p>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"

Cyber insurance is becoming a strong measure for CFOs and CEOs to consider in their arsenal of protective measures against cyber threats, as long as they remain otherwise committed to adherence to cyber security good practices.<\/p>\n","protected":false},"author":529,"featured_media":10043,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"content-type":"","footnotes":""},"categories":[187],"tags":[692,462,450],"ppma_author":[3178],"class_list":["post-10042","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-bigdata-cloud","tag-cyber-insurance","tag-cyber-security","tag-cyber-threats"],"authors":[{"term_id":3178,"user_id":529,"is_guest":0,"slug":"jean-christophe-gaillard","display_name":"Jean-Christophe Gaillard","avatar_url":"https:\/\/www.experfy.com\/blog\/wp-content\/uploads\/2020\/04\/medium_b55e5afa-fb86-428a-a054-3be0451df2a4-150x150.jpg","user_url":"https:\/\/www.corixpartners.com","last_name":"Gaillard","first_name":"Jean-Christophe","job_title":"","description":"Jean-Christophe Gaillard\u00a0is Managing Director and Founder at Corix Partners. He is also a Non-Executive Director with\u00a0Strata Security Solutions<\/a>, a specialized cybersecurity firm. He has been co-president of the Cyber Security group of the\u00a0Telecom Paris Tech alumni association<\/a>\u00a0since May 2016. He is the author of \u201cCyber Security: The Lost Decade<\/a>\u00a0\u2013 A Security Governance Handbook for the CISO and the CIO\u201d, He contributes regularly to\u00a0The Digital Transformation People<\/a>,\u00a0Business 2 Community<\/a>, and\u00a0IoTforAll<\/a>\u00a0platforms, as well as the\u00a0Business Transformation Network<\/a>. He is an expert contributor on the\u00a0CIO Water Cooler<\/a>\u00a0and has previously published articles on\u00a0InfoSecurity<\/a>\u00a0Magazine, \u00a0Computing<\/a>, the C-Suite.co.uk,\u00a0Info Sec Buzz<\/a>\u00a0and the\u00a0IoD Director<\/a>\u00a0websites."}],"_links":{"self":[{"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/posts\/10042","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/users\/529"}],"replies":[{"embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/comments?post=10042"}],"version-history":[{"count":5,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/posts\/10042\/revisions"}],"predecessor-version":[{"id":33722,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/posts\/10042\/revisions\/33722"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/media\/10043"}],"wp:attachment":[{"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/media?parent=10042"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/categories?post=10042"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/tags?post=10042"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/ppma_author?post=10042"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}