Insurers still wary of taking on cyber risk

Factors hindering insurers from becoming more involved in the cyber insurance market include a lack of data, the inherent volatility of the risk and their fear of a catastrophic accumulation of cyber exposure, says a report.

“One prime reason why insurers have struggled to get their arms around cyber risk is the lack of historical data, which makes it difficult to build the predictive models that can help assess probability of loss,” says the report issued Thursday by the Deloitte Center for Financial Services, a unit of New York-based Deloitte Touche Tohmatsu Ltd.

Another factor is the risk’s inherent volatility. “Even as insurers collect more data and hone predictive models based on prior cyber threats, the underling exposure keeps changing,” says the report.

Furthermore, insurers “may fear being overwhelmed by a sudden aggregation of losses,” while “a relatively narrow view of what constitutes cyber risk may be prompting many insurers to focus their marketing efforts primarily at those facing the possibility of (personally identifiable information) theft,” the report said.

Meanwhile, “buyers large and small can also have a hard time quantifying exactly how big a risk they face,” says the report. Other issues from the buyers’ perspective include the risk can be spread over a wide range of coverages, cyber policies’ lack of standardization, and that the legal landscape remains in flux.
Approaches suggested by the report include insurers offering holistic cyber risk management programs.