A recent study by KPMG predicts further growth in the global cyber insurance market, which is good news for buyers.
In the report KPMG says that cyber insurance premiums are predicted to rise from USD 2.5 billion in 2015 to USD 7.5 billion by 2020, reaching USD 20 billion by 2025. The increases are driven largely by regulatory changes (especially in Europe with the implementation of the General Data Protection Regulation in May 2018) and with growing awareness of the different threat types and levels among business.
The report examines how insurers could restructure to better serve customers in the digital world. KPMG believes that insurers need to adapt their organisational structures to ensure that cyber is integrated into everything they do. It suggests that insurers create stand-alone cyber insurance centers of excellence that bring together cyber risk modelling, crisis management and digital platforms.
A growing cyber insurance market should be positive for buyers. As the market increases in scale, insurers should see more claims data. And coupled with developments in modelling, insurers will get better at understanding and pricing cyber risk.
A larger more sophisticated standalone cyber insurance market should be better positioned to absorb losses, with a reduced risk of pricing volatility. As capacity builds and the number of players increases, pricing should reduce relative to the coverage on offer.
As the cyber insurance market grows, buyers should, however, take steps to ensure they get the best possible deal from their insurers. This is particularly true in today’s competitive insurance market, which is seeing wide-spread interest in its product, and one that is experiencing growing demand in Europe from the GDPR.
Companies need to differentiate themselves and demonstrate a strong corporate culture in a market flooded with new buyers. Those that take the time to prepare high quality insurance submissions and develop a relationship with their insurers will find they get more cover for their premium.
A recent blog from cyber security firm Trend Micro addressed this point. It advises organisations to demonstrate a strong information security program, which in turn reduces the potential exposure to the insurer.
Trend Micro advises companies to use monitoring to detect and respond to cyber incursions rapidly; demonstrate an effective, regularly tested business continuity program; and share regular audit results showing that the organization’s policy, procedures and technology work together within a context of employee awareness.