Demand for cyber insurance is likely to soar in the wake of the WannaCry ransomware attacks that affected more than 300,000 computers in more than 150 countries around the world since May 12, Fitch Ratings predicts.
“The slew of recent ransomware attacks … reveals the widening scope of corporations’ cyber risk exposures, which is likely to increase demand for related insurance protection, Fitch said in a May 1 analyst note. “Insurers are in a unique position to assist customers in addressing the cyber threat.”
However, Fitch warns that insurers should be cautious in terms of how they address cyber exposures, “as there is considerable uncertainty in pricing and underwriting this risk.”
He added that “expansion by individual underwriters into the segment could be credit negative.”
Considering the scope of the ransomware attacks, Fitch said that figuring out their costs will take time. Burt corporations will remain anxious in the aftermath, and that, along with evolving cyber regulations, will spur demands for cyber insurance protections and products that can help mitigate risk, he added.
As corporations seek to counter cyber threats, it is becoming increasingly clear that insurers are playing an expanded role, the report noted, focusing both on risk management and claims services. Insurers are also part of the solution, he said, because they’re developing more technical knowhow in both testing for cyber threats and preventing them.
Insurer actions in addressing cyber threats have also involved acquisitions or alliances with cyber security vendors, he said, illustrating how far cyber insurance protection has come.
“Cyber protection coverage, therefore, increasingly includes a service and advisory component, as well as insured loss limits,” Fitch noted.
Fitch points out that U.S. insurers wrote about $1.3 billion in cyber coverage in 2016, with expectations now that the market could expand to $14 billion by 2022.
Even with the likely scope of that growth, however, insurers such as American International Group, XL Group and Chubb who have taken the lead in cyber risk haven’t exactly joined an aggressive market segment, according to Fitch.
“Many insurers have taken a cautious approach to introducing cyber coverage, particularly with regard to liability coverage,” Fitch wrote. “Underwriting experience relating to cyber coverage, as reported by insurers, has appeared relatively favorable for insurers in the past two years, but the market remains untested.”
The issue, according to Fitch, is “challenges in establishing actuarially robust pricing and coverage terms for cyber-related risk goven still-limited data from historical claims losses.”
“The evolving nature of events and uncertainty regarding the source and range of potential losses add further challenges,” the Fitch note added. Another issue: the coverage insurers are willing to offer right now, versus how policyholders see what their cyber risk and protection needs actually are, though Fitch expects these differences to lessen over time as the market matures.
In the wake of the WannaCry attack, Willis Towers Watson issued a client alert that pointed out a number of ways to mitigate risk of future ransomware attacks within an organization.
The company said that WannaCry was likely triggered through phishing emails, where employees clicked on infected links such as malicious Microsoft Word files. It recommend that organizations take a number of steps to reduce risk including more employee awareness training, assessing IT staffing and skills, ensuring security updates are current for Microsoft and other operating systems, and making sure antivirus and anti-spam filters are current.
Take Preventative Action Now: Willis Towers Watson
Willis Towers Watson, like Fitch Ratings, said that cyberinsurance serves a big role in countering risk of future attacks.
“Cyberinsurance continues to play a central role in managing cyber risk and protecting your organization’s balance sheet,” Willis Towers Watson said, adding that attacks such as WannaCry can cause serious damage on multiple levels.
“This type of attack, if not addressed quickly and effectively, could have far-ranging consequences to an organization’s net income, network fun ctionality and critical data,” Willis Towers Watson said.
Sources: Fitch Ratings, Willis Towers Watson