Allianz SE, Europe’s biggest insurer, has become the latest to tie its future to the delivery of policies covering cyber attacks, as noted in the Insurance Journal. Although such well-established firms develop policies that will help small to medium businesses (SMBs) recoup lost assets in the event of a calamity, work remains before the policies will be widely adopted. SMBs have been legitimately concerned about what might happen if their premises or cloud computing service is knocked offline. With so many businesses relying on their computer services to function, lost revenue and decreased customer service result whenever cyber security problems occur.
For more than a decade, insurance companies have offered corporations plans to cover various types of IT outages: Cyber security attacks, privacy breaches, lawsuits and lost business opportunities. Few businesses, however, have taken advantage of these programs. A survey by Willis Group Holdings, a global risk advisor, insurance and reinsurance broker, found that most companies do not carry insurance for IT security breaches.
Cyber Security Attacks Cost Big Bucks
Cost has been a major deterrent. In some cases, enterprises have experienced hundreds of millions in losses from data breaches involving millions of records, so there are clearly potentially enormous payouts. To recoup such expenses, the policies start in the five-figure range and can quickly pass the $1 million mark, depending on the size of the risk. Consequently, their use has been limited to large enterprises that understand the risk and are willing to pay for the expensive policies.
Even so, the low penetration rate and the emerging market need have attracted new market entrants, such as Allianz SE. “Five years ago, there were a dozen cyber insurance suppliers; now there are more than 70,” said Tom Srail, senior vice president for the technology practice at Willis Group Holdings. As a result, the market is expanding down to SMBs. “The insurance industry now has enough history to understand what the risks are, so they are in a better position to price their policies and cover possible liabilities,” stated Willis Group Holdings Strail.
New Packaging Options Emerge
The insurers are packaging their service in new ways. Insurance is being offered as a standard option for on-site equipment selections — a new server, for example — or as part of cloud providers’ service-level agreements (SLA). As businesses increasingly rely on their computing infrastructure, the potential negative impact of a cyber attack grows. Businesses have been searching for ways to mitigate their potential risk, and insuring their IT services is becoming more feasible for SMBs as the market matures.