Cyber insurance: Cyber risk management markets mature

Cyber insurance: cyber risk management markets mature

Insurers grow their cyber crime insurance sales, but managing cyber risk poses challenges.

Related content

The cyber insurance market is booming due to rising cyber-attacks, but insurance organizations will need to become much more sophisticated in their approach to assessing and managing cyber risk if they hope to turn cyber policies into a strong and sustainable line of business. 

What is cyber insurance? Among the fastest growing insurance niches, cyber insurance products cover operational risks affecting confidentiality, availability or integrity of information and technology assets.

A growth market emerges:

Encompassing a broad range of cyber insurance products designed to cover operational risks affecting confidentiality, availability or integrity of information and technology assets, cyber insurance is among the fastest-growing niches in the industry. While its growth is led predominantly by financial institutions seeking to perform cyber risk management and better transfer their cyber risk, demand is also being driven by regulatory pressures and notification legislation that will require all firms to notify individuals if their personal data is breached. Companies are increasingly seeking cyber breach insurance products that cover the management and costs of notification processes.

The cyber insurance market also seems ripe for continued organic growth. As organizations become more reliant on data, and more of their business is conducted over digital channels, they will place increasing value on protecting that data and those channels from cyber-attacks. In turn, they will seek ever-higher levels of coverage from their insurers to cover greater risks. Demand for cyber-crime insurance is also being driven by a number of very high profile and costly breaches over the past few years, often leading to consumer litigation. 

Cyber insurance growing pains:

This fast-growing and emerging cyber-crime insurance market does face growing pains, since it often takes insurers some time to fully understand the unique risks and challenges that they are taking on. In part, this is because the threat risk is continuously changing, as cyber criminals’ vast toolkit evolves rapidly. Also, insurers struggle with how to value and compensate data breaches that cause reputational and brand damage.

The underlying problem is that few insurance organizations have a clear understanding of what ‘good’ cyber security looks like for their customers. They are therefore unable to assess whether their customers are taking the right precautions to properly manage their risk. Since some cyber insurance products can be purchased today without the need for even a high-level risk assessment, clearly the insurance industry will need to drive towards standards if they hope to remove the moral hazard concerns inherent in this market.

Seizing the competitive advantage:

If the cyber insurance market is to properly mature and effectively transfer risk, insurers (and any eventual re-insurers) will need to become much more sophisticated in their approach to assessing and managing cyber risk. Those that hope to achieve first-mover advantage will want to focus on three, somewhat interrelated, areas:

  1. To properly quantify the risks they are underwriting, insurers will need to improve their ability to conduct appropriate security assessments on customers to better understand and monitor the protections in place and the likelihood of a claim.
  2. Insurers will need to become much better and faster at managing and analyzing their data to inform their pricing and risk models. For example, by overlaying claims information to quantify the value of each security method.
  3. Insurers should distinguish themselves with product innovation, including new, relevant policy features as well as a broader scope of services to support their cyber insurance customers, from risk assessment, forensic investigation and breach investigation services to their customers.

The bottom line is that insurers will need to think more broadly about how they develop and structure their products if they want to succeed in the evolving cyber insurance market. 

Questions to think about:

  1. Has your firm examined the market potential of offering cyber insurance or other technology risk products?
  2. What steps are you taking to understand clients’ evolving cyber risk management needs to drive product innovation?
  3. How sophisticated is your ability to perform client cyber risk assessments and monitor cyber threats?
  4. What in-house capabilities or third-party expertise do you require to keep up with the ever-changing cyber risk environment?

To discuss these questions further, please contact:

Stephen Bonner

KPMG in the UK

+44 20 76941644

Jon Dowie

KPMG in the UK

+44 20 73115295

Kevvie Fowler

KPMG in Canada

+1 416 777 3742

Banks and insurers confront technology transformation: Why legacy system renewal projects may fail to deliver?

How can banks and insurers build better infrastructure strategy for legacy system renewal?

Read more

Cyber crime: Insurers in the firing line

Insurance companies should shore up their defenses against the rising threat of cyber crime.

Read more

Connect with us


Request for proposal



KPMG's new digital platform

KPMG's new digital platform