There has never been a better time to buy cyber insurance. Despite this, there is still a concerning lack of take-up among Asia’s insurance buyers, according to Alex Jomaa (pictured), cyber underwriter at Tokio Marine Kiln
Do cyber insurance products designed for a US or European buyer need tailoring for Asian markets, and in which ways?
Cyber insurance coverage is relevant to all geographies and the wordings are drafted to function globally. Unlike many other lines of insurance business where risks are determined by geography, such as natural disaster risk in property, or by legal system, such as professional liability, cyber is a universal risk due to one simple fact: almost everybody is reliant on similar technology.
The ability to access your data and systems is critical. Few businesses use paper filing anymore, and that is just scratching the surface of reliance on modern technology. Despite IT being core to every business’s operations, the value proposition of a cyber insurance policy has always been touted as protection against liability arising from a breach of third-party data.
Businesses who do not hold large volumes of third-party data are therefore less encouraged to buy, due to the cover being seen as unnecessary. On the other hand, the first party components of cover are borderless, and are beneficial to any company regardless of where they are located.
Are the drivers for buying cyber cover the same globally or are there some nuances, such as regulatory changes?
There are nuances for data breaches. Data protection legislation will vary (and sometimes not exist) from country to country, but such laws are not the only determining factor: a litigious culture or the ability to insure fines and penalties increase exposure.
Is there a trade-off to be had between tough pricing conditions and limited size covers and limits made available?
There has never been a better time to buy cyber cover. Many carriers are jostling for position in a crowded marketplace, and as a result terms and conditions have broadened substantially with competitive premiums being offered to woo new business or retain existing clients. Buyers who are after limits of over $500m however, are likely to struggle with capacity issues as the pool of market actors is not sufficient. The total available pool of capacity will likely increase in the coming years.
Is silent cyber recognised as a major problem in Asia Pacific insurers; and is the standalone market seen as the way to go?
Much is made of the “silent cyber” phenomenon, but whilst these losses are theoretically possible, they have not yet materialised to the extent that some had anticipated. The most frequently cited concern from carriers is physical damage arising out of a cyber-attack.
The cyber insurance market covers a specific set of non-tangible perils, namely first party data restoration and system business interruption as well as liability to third parties for a data breach. It is therefore important to differentiate between “cyber risk” and cyber insurance as a stand-alone insurance product. Cyber risk can be broadly categorised as risk arising out of technology.
Cyber risk exists in all lines, and this is due to the increasing prevalence of technology. Concerns around “silent cyber” exposure are valid, however the lack of take-up in the Asia-Pacific market for stand-alone cyber insurance policies is equally concerning. Losses which are covered under such policies are occurring with greater frequency and severity than ever before.
The Lloyd’s mandate on non-affirmative cyber, as well as steps taken by some insurers, will begin to address the management of “silent cyber”.