Yet, while cyber insurance options have proliferated, many companies are, according to Verisk Property Claims Services Head Tom Johansmeyer, “buying less cyber insurance or not at all”.
Fact is, traditional insurance is struggling to properly insure cyber assets. Many companies don’t have a good understanding of how much cyber insurance they should get, and traditional insurers, lacking in historical data and experience, often misjudge the degree of protection their clients should purchase.
With embedded insurance however, insurers can distribute cyber insurance solutions that better relate to customer needs. Bundled within the purchase of a product or service, embedded insurance is ideal for serving customers with relevant cyber insurance products across every stage of the customer life cycle.
Digital transformation has been accelerating for years now. With the Covid-19 pandemic catalysing this trend, more opportunities for exploitation look set to rise as well.
Already, there have been 27% more phishing sites in existence at the start of 2021 than last year alone. Malware infections have also skyrocketed from just 12.4 million in 2009 to a whopping 812.87 million by 2018.
It’s not just an increasing prevalence of cybersecurity threats that should worry businesses. According to IBM’s Cost of a Data Breach Report 2020, the average cost per compromised record has also been increasing over the last three years. It estimates that on average, a data breach cost nearly US$3.86 million last year.
There are also myriad new threats businesses must take precautions against. The expansion of Internet-of-Things (IoT) networks has also seen a commensurate rise in cyberattacks, with incidents targeting IoT devices surging 300% in just 2019 alone. Ransomware, once a novelty, had hit as many as 47% of organisations worldwide last year.
Source: IBM Cost of a Data Breach Report 2019
Naturally, heightened cyber risk also translates into increased demand for solutions to mitigate it. Cyber insurance premiums, which totalled US$5 billion annually in 2020, are expected to increase 20% to 30% on average.
The insurance ecosystem is also seeing an influx of both old and new players introducing cyber insurance products and services. Among them are insurance platforms-as-a-service and digital insurance partnerships between insurtech companies and industry incumbents, like Amica Mutual Insurance’s strategic alliance with US-based insurtech firm HOVER and data and analytics firm Corelogic.
Although more players offering cyber insurance have emerged, many problems still plague the subsector. Among them – a lack of historical data, and resultantly, an inability to accurately determine future cyber risk.
Traditional insurers with nascent offerings in the space also lack experience developing data and analytics used in more mature business verticals. Adding to that are technical intricacies that add another layer of complication, making cyber insurance products not only expensive and difficult to buy, but also consistently mis-sold by insurers.
Traditional insurance versus on demand micro insurance in dealing with cyber risk
|Traditional insurance||On demand microinsurance|
|Premium||Estimates premiums due to lack of real-time data||Premiums are personalised from real-time data|
|Point of sale||Offered to customers as a separate product offering||Offered to customers online, especially during the purchase process of another product or service|
|Relevance of coverage||Coverage is fixed regardless of underlying product or service.||Coverage varies according to the product or service it is bundled with.|
Source: Digital Insurance, Rainmaking
Case in point: in 2013, US-based healthcare services provider Cottage Health Systems had to be financially responsible for a data breach, even though the company was covered by cyber insurance. Citing failure to take sufficient measures to minimise their own risk, their insurer denied them coverage.
Ultimately, cyber insurance doesn’t offer “standard coverage at a standard price”. Because insuring intangible assets is still a relatively new concept, there’s high uncertainty over what is covered, and what risks are present.
To overcome these problems, cyber insurance needs to be not only affordable and relevant, but also highly personalised. Cyber threats vary widely, and customers may only need protection against certain types depending on the underlying product or service they purchase.
Through insurance partnerships with relevant digital ecosystems, offering relevant personalised cyber insurance products with far lower involvement and greater affordability is made possible. Insurance products can also be embedded at various touchpoints of a customer journey, allowing the insurer to collect data in ways that enable it to better tailor offerings specifically to individuals.
Some use cases include Ant Group’s Quanminbao and Haoyibao insurance products. A simple pension annuity product and a guaranteed lifetime cancer protection plan respectively, both come with low premiums, no-cost sign-ups, and real-time cash pay-outs. Buying coverage is easy, and insurance, as with other products sold by Ant Financial, are also selectively offered – and customised – based on real-time data collected from users.
Traditionally, insurers often relied on agents as distribution partners. Given how rapid cyber risks emerge and take hold however, these partners themselves also struggle to be responsive to customer needs.
Instead, embedded insurance catering to cyber risks today may be better aligned with telcos, digital wallets, and payment services providers. In these digital insurance partnerships, insurers can develop new business models in tandem with insurance platform-as-a-service companies; they can tap on the large user base of telcos and e-wallets and gain access to customer data that will allow them to generate analytics that support integrating insurance offers across every stage of the customer journey.
In Southeast Asia, Singapore telco Singtel recently added an insurance savings plan in partnership with Etiqa, the insurance arm of Malaysia-based bank Maybank. The move lowers customer acquisition costs for both organisations, and provides room for joint development of more digital insurance products that cater to a larger pool of customers.
All in all, adequately tackling cyber risks requires insurance to become nimbler and more personalised. Insurance products can adapt and scale better against a mounting range of more frequent cyberthreats and, together in partnership with organisations like telcos, e-wallets, and digital payments providers, gain access to new distribution channels to reap not only mutual benefit, but also co-create new cyber insurance products that insure against an ever-widening range of cyberthreats.