None of the experts surveyed said they expect cyber insurance to become unaffordable. Most of them described the industry as “healthy and growing,” although Greg Reber, CEO of AsTech, called it, “the ‘Wild West’ right now in this market. Awareness and fear is going up quickly and companies are turning to insurance to assuage their fear.
“But supply is there, and pricing is finding its feet,” he said.
Indeed, Durbin cited a prediction last fall from Allied Market Research that the cyber insurance industry would see a CAGR (compound annual growth rate) of 28% from 2016-2022, to $14 billion.
There is also general agreement, however, that the health of the industry for both insurers and their customers will depend in significant measure on transparency from both sides.
Policies, they said, need to have less ambiguity about what is covered and what isn’t. And buyers need to be transparent about their own risks and security posture. “Companies have to take their self-assessments seriously when they complete them,” Reber said “There are already case studies of insurance companies refusing to pay claims due to inaccuracies in the self-assessment.”
One way to help, with both consistency and transparency, would be to standardize the policy forms, Kroll said.
“Cyber insurance in the U.S., at this point, is generally only available from surplus lines or non-admitted carriers,” he said. “As such, it is not subject to state rate-and-form regulations.”
That, plus a lack of “credible actuarial data” means each insurer uses a different policy form.
“Since cyber insurance is becoming more mainstream, it may be time for state insurance regulators to provide a process, through rate-and-form review, so admitted insurers can easily offer cyber insurance coverage. This should lead to more uniform policy forms and wordings,” he said.
All of this will take time, of course, but,“cyber insurance is not going away,” Reber said. “I think it’s as healthy as can be expected in these early phases of the industry, and will become more stable with time – after more data and case studies can be applied.”
Sign up for CIO Asia eNewsletters.