CYBER INSURANCE
Cyber insurance is fast becoming a necessity for companies. For the Insurers it promises to open up a new avenue of growth. Only time will tell if cyber insurance turns out to be manna from heaven, but all the big players have lined up to claim their shares…..
Even as pundits started talking about the saturation of the Insurance industry in the aftermath of the 9/11 attacks, a new vista appears to be opening up for the industry. As yet largely untapped and unmeasured, it seems to be just what the doctor ordered for rejuvenating a sector considered by many to be in the stagnation phase of its product life cycle by promising a very lucrative growth phase. Like all growth phases, it is uncertain and ridden with risk. The early adopters are there, waiting for the product and just like all growth markets the sky is the limit for pricing. Yes, we are talking about cyber insurance, a new segment with the potential to put the insurance industry back on the growth path.
Why cyber insurance
Let's face it - what is the most dreaded thing today? Fire? Well, the insurers take care of that, don't they? Death of the director, maybe… Nope the insurers are there again with their key person insurance. Loss of data, right? Well we all have excellent disaster recovery plans - and the back up sits in such idyllic locations as Alaska, so no problem there either! Traditional insurance covers just about everything a Brick and Mortar Company can face today.
But what if someone defaces your site with inflammatory messages leaving everybody visiting your site doubting your credibility? What if someone steals your cyber money? If someone introduces a virus into your system and all your partner companies' systems go kaput, who answers? Talking of which, who do you think is responsible should a partner's system inadvertently infect your site with a virus? When someone steals your customer information, are you responsible for the breach (especially in the wake of stringent legislation like HIPAA..)?
The Ecommerce world thus poses a range of risks - fraud, theft, espionage and a million other such things.
It's clear, the more technology advances and increases the quality of life, the more will the cyber crime brains help keep the economy from becoming hyper efficient.
A recent CSI/ FBI survey*** of 223 companies that were able to estimate their financial losses due to cyber crime, revealed the figure to be a whopping $460 million. Theft of proprietary information accounted for 37% of the estimated loss while fraud set the companies back by about 25%.
The risk is undoubtedly there and the need for insurance imminent. The question we need to ask is whether there something we can do about it. The answer seems to be cyber insurance.
The hour has produced the product, but it's still as naïve and immature as a newborn baby. But at least, it's begun and a good start is half done. So let's leap into the brave new world of cyber insurance and how the future looks. Before we do so however, we need to understand the evolving relationship between the Internet and the Insurance industry.
The Insurance-Internet compatibility puzzle
Insurance and the Internet were expected to hit off like vanilla ice-cream and the neighbor's five year old kid. Didn't work though - while consumers took to online Financial services with gusto, for some reason they avoided online insurance. The reasons prescribed for this lukewarm response to online insurance purchase are manifold.
• - A META group study determined that only 24% of the insurance companies had aggregator site presence and even these companies "do not know what, if any, benefits, are being gained from it for lead generation/sales or brand recognition, because there are no measurement criteria being applied." The report goes on to predict that the banks and financial services will benefit from this reluctance on the part of Insurance companies to recognize and participate in the e-world.
• - A Booz Allen Hamilton study in 1999, pointed out three reasons for online Insurance faring badly. To quote, "First is product complexity and regulation. Second, insurance companies continue to struggle with the cost and complexity of Internet-based sales capabilities and do not expect cost reduction from building these capabilities. Third, these companies are still very dependent on, or influenced by, agents/brokers and are therefore reluctant to offer online sales capabilities.
Whether it was an attitude or an aptitude problem, the Internet and the Insurance industry were as oil and water. Even as the "experts" began talking about the "traditional" mindset of the industry, a disturbing trend began burgeoning in the fathomless depths of the e-world - that of cyber crime.
Suddenly, people realized that they had practically no weapon to protect themselves from cyber-crime. And the insurers began - albeit cautiously - recognizing that a market, staggering in its vastness was here for them to exploit.
Major Players and Products in market
AIG, Chubb, Marsh and a host of others have already entered the fray with a host of policies covering different types and levels of cyber risk. While third party insurance is more commonly offered, first party products have also begun to appear.
Recent reports from studies by reputed bodies indicate that Ecommerce Insurance would generate $2.5 Billion in premium by 2005. In anticipation of this boom, the players have started offering products that cover all the key risks specific to the new economy.
A presentation from AIG summarizes the risks which are most relevant today* - Web Content based liability (libel, slander, copyright and trademark infringement), Professional Errors and Omissions Liability such as in the rendering or failing to render professional services for others for a fee and Network Security Liability & Loss. All these risks can now be covered, albeit in a limited way.
Trends and Issues
While the industry is now getting a good handle on the key risks that need to be insured, the science of quantifying cyber risks is still in its infancy.Traditionally, the actuaries had a lot of historical data, which helped them predict the incidence of risks to a nicety. Errors in estimation were few and far in between. The definition of the fine print in the policies was rather water tight too - both the insurers and the companies knew what was being offered and what wasn't (sure there were quite a few disputed claims - but then now we are stepping into the lawyer market!).
With cyber insurance, none of this is true. Historical data is scarce, and what little is there is not cast in stone either. Estimations of damage due to virus attacks vary dramatically. The perceptions of possible future risks are equally volatile. Companies and the insurers have no real answers.
The result is that we have rather expensive guesstimates - in 2001, the average annual cyber policy premium was $45,000 with a $10 million liability limit**. One other issue is the rather low liability limit. While liability coverage of over $100 million may interest a corporate behemoth, cyber insurance today offers a very low liability coverage ($10M to $25M).
Endpoint
Taxes, death and the Internet are here to stay, no doubt about that. The question though is how cyber insurance will grow over the years.It is clear that lack of enough data and the resulting uncertainty is proving to be a bit of a dampener. The smaller companies are content with lower coverage but at low premiums while the corporate types may be willing to part with sizeable premiums but need large coverage. The insurance companies today are able to provide only limited coverage at rather exorbitant prices.
The solution seems to be in the hands of the IT consultants. These people understand technology better than most and need to be in a position to evaluate future risks to survive in the industry. Thus, they are perhaps best equipped to help the insurance companies predict the risks and define premiums.
Perhaps comprehensive technological audits in view of a company's current technological infrastructure and future Ecommerce needs are the key to success, perhaps not. One thing is however clear - a "brave new world" is unfolding. There will be successes and failures, but the biggest victors will be those who get their hands dirty first. And given the insurance industry's propensity for taking advantage of opportunities in managing risks optimally, it looks like cyber crime is one fish that isn't going to get away lightly!
Even as pundits started talking about the saturation of the Insurance industry in the aftermath of the 9/11 attacks, a new vista appears to be opening up for the industry. As yet largely untapped and unmeasured, it seems to be just what the doctor ordered for rejuvenating a sector considered by many to be in the stagnation phase of its product life cycle by promising a very lucrative growth phase. Like all growth phases, it is uncertain and ridden with risk. The early adopters are there, waiting for the product and just like all growth markets the sky is the limit for pricing. Yes, we are talking about cyber insurance, a new segment with the potential to put the insurance industry back on the growth path.
Why cyber insurance
Let's face it - what is the most dreaded thing today? Fire? Well, the insurers take care of that, don't they? Death of the director, maybe… Nope the insurers are there again with their key person insurance. Loss of data, right? Well we all have excellent disaster recovery plans - and the back up sits in such idyllic locations as Alaska, so no problem there either! Traditional insurance covers just about everything a Brick and Mortar Company can face today.
But what if someone defaces your site with inflammatory messages leaving everybody visiting your site doubting your credibility? What if someone steals your cyber money? If someone introduces a virus into your system and all your partner companies' systems go kaput, who answers? Talking of which, who do you think is responsible should a partner's system inadvertently infect your site with a virus? When someone steals your customer information, are you responsible for the breach (especially in the wake of stringent legislation like HIPAA..)?
The Ecommerce world thus poses a range of risks - fraud, theft, espionage and a million other such things.
It's clear, the more technology advances and increases the quality of life, the more will the cyber crime brains help keep the economy from becoming hyper efficient.
A recent CSI/ FBI survey*** of 223 companies that were able to estimate their financial losses due to cyber crime, revealed the figure to be a whopping $460 million. Theft of proprietary information accounted for 37% of the estimated loss while fraud set the companies back by about 25%.
The risk is undoubtedly there and the need for insurance imminent. The question we need to ask is whether there something we can do about it. The answer seems to be cyber insurance.
The hour has produced the product, but it's still as naïve and immature as a newborn baby. But at least, it's begun and a good start is half done. So let's leap into the brave new world of cyber insurance and how the future looks. Before we do so however, we need to understand the evolving relationship between the Internet and the Insurance industry.
The Insurance-Internet compatibility puzzle
Insurance and the Internet were expected to hit off like vanilla ice-cream and the neighbor's five year old kid. Didn't work though - while consumers took to online Financial services with gusto, for some reason they avoided online insurance. The reasons prescribed for this lukewarm response to online insurance purchase are manifold.
• - A META group study determined that only 24% of the insurance companies had aggregator site presence and even these companies "do not know what, if any, benefits, are being gained from it for lead generation/sales or brand recognition, because there are no measurement criteria being applied." The report goes on to predict that the banks and financial services will benefit from this reluctance on the part of Insurance companies to recognize and participate in the e-world.
• - A Booz Allen Hamilton study in 1999, pointed out three reasons for online Insurance faring badly. To quote, "First is product complexity and regulation. Second, insurance companies continue to struggle with the cost and complexity of Internet-based sales capabilities and do not expect cost reduction from building these capabilities. Third, these companies are still very dependent on, or influenced by, agents/brokers and are therefore reluctant to offer online sales capabilities.
Whether it was an attitude or an aptitude problem, the Internet and the Insurance industry were as oil and water. Even as the "experts" began talking about the "traditional" mindset of the industry, a disturbing trend began burgeoning in the fathomless depths of the e-world - that of cyber crime.
Suddenly, people realized that they had practically no weapon to protect themselves from cyber-crime. And the insurers began - albeit cautiously - recognizing that a market, staggering in its vastness was here for them to exploit.
Major Players and Products in market
AIG, Chubb, Marsh and a host of others have already entered the fray with a host of policies covering different types and levels of cyber risk. While third party insurance is more commonly offered, first party products have also begun to appear.
Recent reports from studies by reputed bodies indicate that Ecommerce Insurance would generate $2.5 Billion in premium by 2005. In anticipation of this boom, the players have started offering products that cover all the key risks specific to the new economy.
A presentation from AIG summarizes the risks which are most relevant today* - Web Content based liability (libel, slander, copyright and trademark infringement), Professional Errors and Omissions Liability such as in the rendering or failing to render professional services for others for a fee and Network Security Liability & Loss. All these risks can now be covered, albeit in a limited way.
Trends and Issues
While the industry is now getting a good handle on the key risks that need to be insured, the science of quantifying cyber risks is still in its infancy.Traditionally, the actuaries had a lot of historical data, which helped them predict the incidence of risks to a nicety. Errors in estimation were few and far in between. The definition of the fine print in the policies was rather water tight too - both the insurers and the companies knew what was being offered and what wasn't (sure there were quite a few disputed claims - but then now we are stepping into the lawyer market!).
With cyber insurance, none of this is true. Historical data is scarce, and what little is there is not cast in stone either. Estimations of damage due to virus attacks vary dramatically. The perceptions of possible future risks are equally volatile. Companies and the insurers have no real answers.
The result is that we have rather expensive guesstimates - in 2001, the average annual cyber policy premium was $45,000 with a $10 million liability limit**. One other issue is the rather low liability limit. While liability coverage of over $100 million may interest a corporate behemoth, cyber insurance today offers a very low liability coverage ($10M to $25M).
Endpoint
Taxes, death and the Internet are here to stay, no doubt about that. The question though is how cyber insurance will grow over the years.It is clear that lack of enough data and the resulting uncertainty is proving to be a bit of a dampener. The smaller companies are content with lower coverage but at low premiums while the corporate types may be willing to part with sizeable premiums but need large coverage. The insurance companies today are able to provide only limited coverage at rather exorbitant prices.
The solution seems to be in the hands of the IT consultants. These people understand technology better than most and need to be in a position to evaluate future risks to survive in the industry. Thus, they are perhaps best equipped to help the insurance companies predict the risks and define premiums.
Perhaps comprehensive technological audits in view of a company's current technological infrastructure and future Ecommerce needs are the key to success, perhaps not. One thing is however clear - a "brave new world" is unfolding. There will be successes and failures, but the biggest victors will be those who get their hands dirty first. And given the insurance industry's propensity for taking advantage of opportunities in managing risks optimally, it looks like cyber crime is one fish that isn't going to get away lightly!