What is Cyber Insurance?

A cyber insurance policy, also referred to as cyber risk insurance or cyber liability insurance coverage (CLIC), is designed to help an organization mitigate risk exposure by offsetting costs involved with recovery after a cyber-related security breach or similar event. Many insurers in the market are currently offering a wide variety of cyber insurance policies that are able to cater to different needs of their clients. With the increasing threat of cyber-attacks on businesses in the recent years, some businesses made it a point to purchase cyber insurance to help them respond to possible data breach. In just 2018 alone, businesses in Singapore lost nearly S$58 million to phishing attacks. On top of that, a survey conducted by Cyber Security Agency of Singapore (CSA) indicated that almost half of Singaporeans suffered at least 1 cyber-security lapse in 2018. From these statistics, we can see that cyber insurance will eventually become a crucial product for both individuals and businesses in Singapore.

However, many individuals do not have a clear idea of what cyber insurance is. Many believe that cyber insurance only compensates you when you experience a data breach. However, many cyber insurance policies offered by insurers includes recovery assistance and cyber-security reinforcement. Many existing cyber insurance provides the policyholder access to professional support team that can aid them in enhancing their security for their cyber network. On top of that, some policies also incorporates recovery assistance that will help the policyholder in responding to data breaches and ensuring that the policyholder can recover immediately from such events. Some products may even include monitoring system which helps the policyholder to manage their cyber risks in their cyber network.

After learning about the benefits of cyber insurance, let us share with you the basic coverage offered by such policies. So what does cyber insurance covers? Typically, cyber insurance covers expenses related to first parties as well as claims by third parties. Although there is no standard for underwriting these policies, the following are common reimbursable expenses:

• Investigation expense
• Business losses
• Privacy & notification
• Lawsuits and extortion

History & Evolution of Cyber Insurance

As technology evolved in the late 1990s, technology-related risks evolved with it. The first cyber insurance policies were written to address these exposures and focused on online content or software. Over time, the technology and accompanying policies have evolved extensively into a vibrant and volatile cyber insurance market.

The history of cyber security insurance policies in the United States begins in the late 1990s. Some were policies that covered online media, while others were errors in data processing (EDM) policies. Early cyber insurance coverage generally evolved from professional liability policies for software and media risks. In addition, traditional policies did not include first-party coverage.

However, after 20 over years of evolution, cyber insurance now covers more than just first and third party liability. Many cyber insurance policies also incorporate coverage for outsourced providers, cloud providers and acts of rogue employees. With the advancement of technology in the past decade, cyber insurance has also shifted its role from just providing protection to providing assistance and assurance. Many existing cyber insurance product offers cyber solutions that aids the policyholder in responding to possible cyber threats. In addition, new policies began to include coverage on:

• Cyber Business Interruption
• Cyber Extortion
• Network Asset Damage

As seen above, cyber insurance has evolved from just basic protection to complete assistance for businesses and individuals. We believe that as cyber risks continue to evolve, cyber insurance will also continue to evolve to adapt to new threats in the cyber world. Experts have also indicated that in the next 5 to 10 years, businesses and individuals can expect to see further changes in cyber insurance products.

So what can we expect in the future?

As technology continue to rapidly improve, reinsurance support will grow in response to better data and tools, boosting the overall growth of the market. Businesses seeking to take up cyber insurance will also be able to access higher limits as insurance companies will be able to transfer some of their risk onto reinsurance companies, and potentially the capital market.

Apart from that, reputational covers offered as part of cyber insurance packages or as stand-alone products are expected to evolve. Most of the existing reputational products are focused around offering access to crisis management expertise. Whereas, future products are more likely to offer indemnification for loss of business arising from adverse publicity following a cyber event.

Finally, the most significant change that would affect businesses’ and individuals’ decision on purchasing cyber insurance: PRICE. It is expected that pricing and limits available in the cyber insurance market will be based on the risk level of a client’s cyber-security. Firms with ISO 27001 certification in place demonstrate, for instance, that they are managing information security risk effectively and the costs and exclusions of their cyber policies typically reflect that. Therefore, it is crucial for businesses to measure their risk before considering the coverage that they need to minimize their cost.

© 2019 Raffles Provident LLP

Biz registration number: T13LL0595E GIAS number: C004125

+65 31457168 • Andrew@rafflesprovident.com.sg