Cyber insurance are growing, from the first policy sold in the USA to a business of one billion dollars in 15 years. Not only, Tracy Dolin -analyst of the Ratings Services unit of Standard’s & Poor’s- declares that the financial market could reach a business of ten billion dollars by 2025.
Also in Italy we perceive the same phenomenon, as demonstrated by the panel of 162 CIOs, CISOs, CSOs and CTOs of Top companies in Italy respondents to the survey for the NEXTVALUE Insight “Cybersecurity in Italia. What’s next” [figure 01]. The 44% of respondent declares interest in partly transferring their Cyber Risk to an insurance. Nevertheless, only 12% of the members of the panel confirm that they have bought a cyber insurance, or that they are going to buy one in the next 12 months.
We also want to highlight that according to many specialists the insurance market for Cybersecurity is on an initial stage. A product yet without a pricing, terms and conditions and a standard language, feeds insecurity in people who want to buy a policy.
In addition, analysts’ opinion on the evolution of cyber insurance is still split in half. Some say that the financial market is moving toward pricing and product standardization, others express doubts and declare that policies only offer illusory security.
Figure 01 Cyber Insurance: percentages of adoption
D: Is your company considering the possibility of adoption of a cyber insurance for the transfer of Cyber Risk?
% of respondents, panel = 162 CIOs, CISOs, CSOs, CTOs of Top companies
Source: ©NEXTVALUE I INSIGHT “Cybersecurity in Italia. What’s next”, January 2017
For an organization, the final benefit of an insurance coverage is the corporate budget protection. To date, only Top companies with exposure abroad requires a policy for Cyber Risk. According to the new European GDPR (General Data Protection Regulation), it is not possible to transfer the legal risk. The adoption of cyber insurance is therefore useful for transferring financial risk.
It is important to note that for implementing an insurance coverage a company must design an internal risk analysis in combination with all departments, not only the IT one. Thus, Cybersecurity must enter into companies DNA.
We expect that, after Top companies, also midsize ones will begin to consider the adoption of a cyber insurance, especially those that are part of a larger supply chain with Top organizations, with the latter ones demanding for an insurance coverage as a standard against the risk of cyber-crime.
Free download of the Insight “Cybersecurity in Italy. What’s next” (only in Italian language).