I, along with three of my partners in Goldberg Segalla’s Cybersecurity and Data Privacy Practice Group, recently attended the Advisen Cyber Risk Insights Conference in New York City and came away with some terrific nuggets. They include the importance of “silent cyber” to reinsurers and regulators, the fragmentation of the cyberinsurance market and the difficulty in driving change even for industry leaders, and continuing perceptions about coverage for cyber-related losses under stand-alone cyberinsurance policies and traditional insurance policies.
One of the best resources I picked up at the conference was a copy of the Advisen/PartnerRe 2018 Survey of Cyber Insurance Market Trends.
The findings are insightful and revealing. For instance, one of the greatest drivers of new cyberinsurance policy purchases is “third-party requirements.” Fortune 500 companies do recognize the importance of their vendors having insurance for a data breach incident. Pushing cyber risk down to their vendors and subcontractors will now be just part of the cost of doing business.
Another interesting finding is that the expected size of companies who are new purchasers of cyberinsurance are 45% mid-size (50M-1B) and 44% small (less than 50M). One would expect the middle market to dominate the small market in this case. Not so.
A third interesting finding is that those businesses in the manufacturing/industrials and professional services sectors are two of the top three leading new buyers of cyberinsurance. By contrast, government/non-profit and education are trailing in this category. What this show is that the message that everybody is a target is getting through to some but not others.
A finding that is not surprising but still bears mention is the biggest obstacle to selling cyberinsurance is a lack of understanding of exposure. Hence, businesses still do not understand that hackers are opportunistic and look for low-hanging fruit and that the cost of responding to a data breach or damage from a cyber-related event can be staggering. To reiterate, everyone’s a target, and having cyberinsurance is imperative for every business.
I encourage you to review the survey and share your thoughts or discuss any findings you find particularly significant.