'Moving beast' of cybercrime will provide insurers challenges in 2015Reprints
Insuring cyber risks will be one of the biggest challenges facing insurers next year, says Ernst & Young L.L.P., in an analysis issued by its London unit Tuesday.
“Cybercrime is a moving beast, making it impossible to quantify the risks neatly or to calculate them in an informed or consistent manner,” said Shaun Crawford, global head of insurance at Ernst & Young, in the analysis.
“With so much unknown, it's not surprising that premiums are wildly different across the market, and without cross-market stability, the industry will most likely be operating on significant indemnity losses.”
Mr. Crawford said, “It will no doubt be a matter of time before insurers simply refuse to accept the undefined transfer of risks. But, in the short term, it is likely that they will start to demand evidence of adequate cyber risk controls from businesses that demonstrates they are taking cybercrime seriously and are taking the necessary steps to avoid opening themselves up to attack.
“This will present a whole new problem of benchmarking what does and does not constitute 'adequate control', which could put a spanner in the works, and result in cyber risk effectively being incompatible with the insurance model,” Mr. Crawford said.
The analysis says other issues facing firms include the European Union's forthcoming General Data Protection Regulation, which will provide consumers with the “right to be forgotten.” This gives individuals, under certain conditions, the right to ask search engines to remove links with personal information about them.
Other risks outlined in the analysis include the inability of some firms to effectively manage the potentially catastrophic risk that cybercrime represents. The analysis also predicts a significant increase in organizations' moving to cloud computing, “but would caution them to ensure that in doing so they balance the economic and technical benefits of such a move.”