In November 2014, on online research was conducted by Hanover Research to understand the market for Cyber Insurance. (A Copy of the published Report is available here). The survey is supposed to have gathered information from 271 respondents, most of whom are from insurance underwriters in USA.
In the context of the first India Cyber Insurance Survey 2015 undertaken by the undersigned along with a group of IS professionals, the key findings of the Hanover survey is presented here for general information.
The Hanover survey focuses on capturing data on current prevalance of cyber security insurance and the policy forms it takes. Since Indian Cyber Insurance industry is in nascent form, the policy structuring used here is a replica of the forms used in USA and hence this survey findings have some indirect relevance to India as an influencer of what types of policies are made available by the Insurance companies here. On the other hand, the India Cyber Insurance Survey is attempting to capture the views of the prospective Insurance buyers and understanding what types of risks they would like to be covered in their perception of Cyber Insurance.
(P.S: The India Cyber Insurance survey is presently on and we are requesting as many respondents as possible to participate in it by completing the questionnaire available here If you are reading this article, I request you to take 20 minutes off your weekend to complete this questionnaire)
One of the key findings of Hanover research is that even in US, only 46% of the Insurance underwriters have a Cyber Insurance practice, though 11% more intend to offer such services in the coming year.
Nearly 91% of the companies presently offering Cyber Insurance, appear to be providing the services only to an “admitted market” which we believe represents customers to whom other services are already being provided. In a way there is an attempt to limit the risk based on the “Known Client” rather than “Known Risk”. This is consistent with the hypothesis that Insurers are yet to understand the risks and cover it based on their perception of risk.
There is a general consensus that the market is set to grow though the expectation of around 25% is very small compared to what the Indian Insurers seem to be expecting which is in excess of 50%.
Interestingly the insurers appear to think that Data Breach is a risk different from Cyber Crimes and over a third of the respondents believe Cyber Crimes are more dangerous than data breaches. We suspect that the distinction is being made on the basis of whether a risk is triggered by an external attack (Cyber Crime) or through technology failure (errors and omissions which may include employee negligence).
The survey confirms that most of the prospective customers (40%) believe that they donot need cyber insurance and this is the biggest challenge faced by the insurance companies. An additional 30% feel that some form insurance against risks is already present in their systems. The apathy of 70% of the market is what is noted as a concern of the insurance industry. We hope to capture a more reliable information on this from the prospective insurance seekers in the India Cyber Insurance survey.
The survey also records that 69% of the underwriters donot have a dedicated staff to underwrite cyber security insurance and only 30% appear to have 11 or more persons working directly on drafting cyber insurance policies. This supports the view that Insurance companies donot make a customized evaluation of risks and write policies and are not equipped to make such assessments.
The India Cyber Insurance Survey 2015 will be able to throw more light on the way Cyber Insurance should be structured based on the marker expectations.
We request all the readers to make a success of the survey by contributing their views and also persuading their friends to provide their views on the subject by participating in the survey.
Kindly circulate the survey form to all your collegues and friends and ensure large participation.