The Case for Cyber Insurance
By Kevin Townsend on December 10, 2019
Cyber Has Emerged as a Risk That is Not Specifically Covered by Other Insurance Policies
Insurance is a fundamental aspect of business risk management used to spread or mitigate financial risk by transferring it to a third party. Since business is now urged to take a risk management approach to cyber security, it is natural and inevitable that cyber insurance should be considered as part of the mix. Cyber insurance is set to grow, in size as an industry, and in importance as a service.
But there are issues — not least because there is comparatively little actuarial history on which the industry can base its premiums. While there is a century of auto insurance and many centuries of shipping insurance, there is little more than two decades of cyber insurance history. As a result, both insurers and insureds are still unsure about what it is, what it should or can cover, and how much it should cost.
To the insurers, cyber insurance is primarily a gap filler. Cyber has emerged as a new risk that is not specifically covered by other policies, and cyber insurance is designed to fill that gap. But immediately there’s a problem, because aspects of existing policies may cover aspects of cyber risk. The principle of ‘silent cyber’ can apply — that is, if cyber is not specifically excluded from the policy, it is de facto included. Is separate cyber insurance even necessary?