When someone breaks into a house and steals a TV or some jewelry, homeowner's or renter's insurance can help cover the loss and get one back on track. But what happens in the case of stolen data from cyber attacks and breaches?
“Economic loss due to cybercrime is predicted to reach $3 trillion by 2020, and 74% of the world’s businesses can expect to be hacked in the coming year.”
In today’s digital world, data is invaluable to companies. It is typically their largest asset, forming the base of their strategies and their revenue; and also their most vulnerable one. According to the World Economic Forum, “Economic loss due to cybercrime is predicted to reach $3 trillion by 2020, and 74% of the world’s businesses can expect to be hacked in the coming year.” With so much of a company’s success relying on data, it is crucial to protect it.
However, the very fact that data is invaluable to companies makes it harder to insure. Whereas it’s relatively easy to put a price on a stolen luxury watch or iPad, it’s a lot harder to do the same for data. When building an insurance policy, what is the best model for it? From the insurance perspective, should we think about and treat cyber attacks the way we do natural disasters or more like organized crime?
Even if insurance companies are able to overcome the obstacles in developing a cyber insurance plan, there are two main challenges for companies wanting to buy it. Many, knowingly or unknowingly may not be treating their data correctly and not adhering to regulations such as GDPR and the California Consumer Privacy Act. In addition, many companies do not have the right infrastructure to safe-keep their data, preventing them from potentially being eligible for cyber insurance. This too might affect any motivation insurance companies have to actually make cyber insurance products a commodity.
Some companies are delving into cyber insurance through a technological angle, but one can rarely find companies that focus exclusively on insurance against cyber attacks. The ultimate goal is for companies to rise to the occasion and deal with assessing the risks a company faces, and mitigating threats all together.
The reality on the ground is that there’s currently only a handful of tech companies dealing specifically with cyber insurance. Some companies following this path are: At-Bay, which uses technology to bundle insurance coverage, risk management, and broker tools into a service; Cytegic (acquired by Mastercard), an automatic cyber risk assessment platform; and Kovrr, which focuses on predictive cyber risk modeling. Arceo.ai, which very recently raised a $37 million round of funding, also focuses on real-time data and analytics, which it provides to insurers so they can evaluate a company’s security and cyber risk management behavior and keep their underwriting processes up to date.
However, while making huge strides, all these companies are operating in territory that can best be described as murky, given that the data and methodologies are new and differ vastly from those employed in traditional insurance products.
The damage that can be caused from cyber attacks is serious and imminent, and the world of cyber insurance must catch up. Insurance companies are still looking for strong tech partners that will support them in becoming the market dominator. Since there’s room for many more solutions, if you’re a startup building a tech solution, consider the world of cyber insurance while the competition is low, potential is high, and the ocean is still blue.