Sunday, July 12, 2009

CYBER INSURANCE
Cyber insurance is fast becoming a necessity for companies. For the Insurers it promises to open up a new avenue of growth.


Why cyber insurance

Let's face it - what is the most dreaded thing today? Fire? Well, the insurers take care of that, don't they? Death of the director, maybe… Nope, the insurers are there again with their key person insurance. Loss of data, right? Well, we all have excellent disaster recovery plans - and the backup sits in such idyllic locations as Alaska, so no problem there either! Traditional insurance covers just about everything a Brick and Mortar Company can face today.

But what if someone defaces your site with inflammatory messages leaving everybody visiting your site doubting your credibility? What if someone steals your cyber money? If someone introduces a virus into your system and all your partner companies' systems go kaput, who answers? Talking of which, who do you think is responsible should a partner's system inadvertently infect your site with a virus? When someone steals your customer information, are you responsible for the breach?

The Ecommerce world thus poses a range of risks - fraud, theft, espionage and a million other such things.

It's clear: the more technology advances and improves the quality of life, the more the cyber crime brains will help keep the economy from becoming hyper efficient.

A recent CSI/FBI survey*** of 223 companies that were able to estimate their financial losses due to cyber crime revealed the figure to be a whopping $460 million. Theft of proprietary information accounted for 37% of the estimated loss while fraud set the companies back by about 25%.

The risk is undoubtedly there and the need for insurance imminent. The question we need to ask is whether there is something we can do about it. The answer seems to be cyber insurance.

The hour has produced the product, but it's still as naïve and immature as a newborn baby. But at least, it's begun and a good start is half done. So let's leap into the brave new world of cyber insurance and how the future looks. Before we do so however, we need to understand the evolving relationship between the Internet and the Insurance industry.



Major Players and Products in the Market

AIG, Chubb, Marsh and a host of others have already entered the fray with a host of policies covering different types and levels of cyber risk. While third party insurance is more commonly offered, first party products have also begun to appear.

Recent reports from studies by reputed bodies indicate that Ecommerce Insurance would generate $2.5 Billion in premium by 2005. In anticipation of this boom, the players have started offering products that cover all the key risks specific to the new economy.

A presentation from AIG summarizes the risks which are most relevant today* - Web Content based liability (libel, slander, copyright and trademark infringement), Professional Errors and Omissions Liability (such as in the rendering or failing to render professional services for others for a fee), and Network Security Liability & Loss. All these risks can now be covered, albeit in a limited way.

Trends and Issues

While the industry is now getting a good handle on the key risks that need to be insured, the science of quantifying cyber risks is still in its infancy. Traditionally, the actuaries had a lot of historical data, which helped them predict the incidence of risks to a nicety. Errors in estimation were few and far between. The definition of the fine print in the policies was rather watertight too - both the insurers and the companies knew what was being offered and what wasn't (sure, there were quite a few disputed claims - but then now we are stepping into the lawyer market!).

With cyber insurance, none of this is true. Historical data is scarce, and what little is there is not cast in stone either. Estimations of damage due to virus attacks vary dramatically. The perceptions of possible future risks are equally volatile. Companies and the insurers have no real answers.

The result is that we have rather expensive guesstimates - in 2001, the average annual cyber policy premium was $45,000 with a $10 million liability limit. One other issue is the rather low liability limit. While liability coverage of over $100 million may interest a corporate behemoth, cyber insurance today offers a very low liability coverage ($10M to $25M).

Endpoint

The question though is how cyber insurance will grow over the years. It is clear that lack of enough data and the resulting uncertainty is proving to be a bit of a dampener. The smaller companies are content with lower coverage but at low premiums while the corporate types may be willing to part with sizeable premiums but need large coverage. The insurance companies today are able to provide only limited coverage at rather exorbitant prices.

The solution seems to be in the hands of the IT consultants. These people understand technology better than most and need to be in a position to evaluate future risks to survive in the industry. Thus, they are perhaps best equipped to help the insurance companies predict the risks and define premiums.

Perhaps comprehensive technological audits in view of a company's current technological infrastructure and future Ecommerce needs are the key to success, perhaps not. One thing, however, is clear - a "brave new world" is unfolding. There will be successes and failures, but the biggest victors will be those who get their hands dirty first.