When someone breaks into a house and steals a TV or jewelry, homeowners or renters insurance can help cover the loss and get one back on track. But what happens in the case of stolen data from cyber attacks and data breaches?
“Economic loss due to cybercrime is predicted to reach $3 trillion by 2020, and 74% of the world’s businesses can expect to be hacked in the coming year.”
In today’s digital world, data is an invaluable, yet the most vulnerable asset to companies. Data largely forms the base of their strategies and their revenue; and also their most vulnerable one. According to the World Economic Forum, “Economic loss due to cybercrime is predicted to reach $3 trillion by 2020, and 74% of the world’s businesses can expect to be hacked in the coming year.” With so much of a company’s success relying on data, it is crucial to protect it.
However, the very fact that data is invaluable to companies makes it harder to insure. Whereas it’s relatively easy to put a price on a stolen luxury watch or iPad, it’s a lot harder to do the same for data. When building an insurance policy, what is the best model for it? From an insurance perspective, should we approach cyber risk and cyber attacks in the same way we do natural disasters or more like organized crime?
Even if insurance companies are able to overcome the obstacles in developing a cyber insurance plan, there are two main challenges for companies wanting to buy it. Many, knowingly or unknowingly may not be treating their data correctly and not be compliant to data protection and privacy regulations such as GDPR and the California Consumer Privacy Act. In addition, many companies do not have the right cyber infrastructure to safekeep their data, potentially preventing their eligibility for cyber insurance. This too might affect any motivation insurance companies have to actually offer cyber insurance products.
"From an insurance perspective, should we approach cyber risk and cyber attacks in the same way we do natural disasters or more like organized crime?"
So what does this mean for startups?
Some companies are approaching cyber insurance through a technical angle, but one can rarely find companies that focus exclusively on insurance against cyber attacks. The ultimate goal is for companies to rise to the occasion and deal with assessing the risks a company faces, and mitigating threats all together.
The reality on the ground is that there’s currently only a handful of startups dealing specifically with cyber insurance. Some companies following this path are: At-Bay, which uses technology to bundle insurance coverage, risk management, and broker tools into a service; Cytegic (acquired by Mastercard), an automatic cyber risk assessment platform; and Kovrr, which focuses on predictive cyber risk modeling. Arceo.ai, which recently raised a $37 million round of funding, also focuses on real-time data and analytics, which it provides to insurers so they can determine a company’s security and cyber risk management behavior and keep their underwriting processes up to date.
However, while making huge strides to insure the digital age, all these companies are operating in territory that can best be described as murky, given that the data and methodologies are new and differ vastly from those employed in traditional insurance products.
"In addition, many companies do not have the right cyber infrastructure to safekeep their data, potentially preventing their eligibility for cyber insurance."
This is your time to shine.
The damage that can be caused from cyber attacks is serious and imminent, and the world of cyber insurance must catch up. Insurance companies are still looking for strong startups that will support them in becoming the market dominator. Since there’s room for many more solutions, if you’re a startup building a tech solution, consider the world of cyber insurance while the competition is low, potential is high, and the ocean is still blue.