Cyberattacks against Target, Home Depot, Sony and several other large companies have galvanized what was a formerly niche cyber insurance market. As a result of those high-profile breaches, corporate demand for policies that hedge against hackers has soared.
Seizing on this opportunity, Aon last month acquired Stroz Friedberg, adding incident response and other capabilities to its portfolio of cybersecurity assessment and risk transfer services. Aon further plans to round its portfolio with risk analytics, sentiment analysis and vendor partnerships.
John Bruno, Aon's CIO and executive vice president of enterprise innovation.
"[Stroz’] incident response capabilities are the gold standard in the market," says John Bruno, Aon's CIO and executive vice president of enterprise innovation. He says Stroz, perhaps best known for helping the likes of Sony and Yahoo mitigate damage from breaches, will enable Aon to help clients mitigate cyber incidents more rapidly, which has a direct correlation on reducing claims.
"Those that practice the best in hygiene, preparation and response have an opportunity to reduce the severity of the incident because they reduce the time in which an attacker is inside," Bruno says.
Why it’s important to hedge against cyber risk
Aon’s bid for Stroz comes in a market that is maturing rapidly because of the increased intensity of attacks, which have triggered mandatory data-breach reporting laws. Allianz forecasts that cyber insurance premiums will grow globally from $2 billion annually to over $20 billion over the next decade.
Although 60 vendors offer cyber insurance of some sort, none currently account for every type of intrusion, data loss or contingency associated with a cyberattack. Forrester Research says organizations will need to “build towers of insurance,” establishing relationships with several carriers to build sufficient coverage.
Aon targeted Stroz to fill some of its own gaps. Bruno says that adding penetration testing, incident response and digital forensics to Aon’s assessment and risk transfer services will help clients halt data loss and repair harm to the corporate reputation.
Stroz will also help Aon close the chasm between CFOs and risk managers' understanding of the value of cyber insurance -- which experts say is sorely lacking -- because the company is credible among many enterprise general counsels and CISOs. Bruno says that when an Aon client’s CISO or CIO joins the risk manager in a sales engagement, the close rate happens twice as fast as it does when only no IT managers are involved. “We have to educate the risk managers – it’s our responsibility,” Bruno says.
And as companies purchase more cyber policies it will launch a reinsurance market, generating a new revenue stream for Aon, which could offer cyber bonds, similar to how reinsurers offer catastrophe bonds to mitigate risk from natural disasters.
Sign up for CIO Asia eNewsletters.