Cyber security: a growth market for insurers?

Cyber breaches have been hitting the news one after the other this year. In May, the National Health Service was struck by a ransomware virus called WannaCry. It locked users out of their computers, disrupting surgeries and medical appointments, demanding payment to disarm itself.

The following month, another ransomware attack spread rapidly around the world, hitting several large companies and many smaller ones, locking computers from their users and suspending critical systems for days. In September, credit reporting company Equifax revealed its systems had been systematically infiltrated without its knowledge, putting at risk the confidential information of 143 million people – as Bryn Jones, manager of Elite Rated Rathbone Ethical Bond fund, pointed out, that’s the equivalent of half the population of the US!

The furore over these breaches has died down a bit among the public – potentially a bit of fatigue at the volume of cases plays a part – but the impact on the affected businesses is very much front and centre. Bryn commented: “Global shipping giant Maersk was one of those hit by the ransomware virus in June; it expects to have lost $300m due to only a couple of days’ disruption to its complex web of trade. Equifax is likely to face stiff fines from regulators for failings that put millions at risk of fraud.

“Companies that have benefited from the interconnected world are increasingly getting tripped up by growing threats from hackers. More punitive regulations regarding personal data are also coming into force, which could see firms liable for hefty fines on top of class action law suits.

“Simply put, these risks need to be covered by millions of businesses around the globe.”

It is strange, then, that focused cyber-insurance is still pretty rare. “Small businesses, in particular, are unprepared for a collapse in their systems or a crippling attack by malware or hackers,” Bryn continued. “Roughly half of all UK businesses have reported a systems breach or attack in the past year*. Unsurprisingly, most at risk were those businesses that hold electronic personal details of customers.

“Almost 40% of British companies said they had insurance to cover a hack of their systems, although that doesn’t necessarily mean they have a specific cyber-insurance policy. Many firms believe they are covered under general business policies, but the government’s cyber survey found many companies were not completely confident of their understanding of what they were covered for.

“We think the niche market of cyber-insurance could grow substantially over the coming years as companies become savvier about cyber risks and insurers come up with better products to protect them.”

Cyber-insurance is very much a nascent market, however, and the potential extent of claims and the types of conditions that insurers insist on for coverage are yet to be ironed out. “We have been discerning about which companies we have taken exposure to in this space,” said Bryn. “ We have bought bonds issued by Beazley, a specialist insurer with a strong record of moving into new markets, and Chubb, an insurance giant which boasts one of the best combined ratios (a measure of insurer profitability) in the US. They have strong shares in the cyber insurance market and we believe their profits should get a boost from growth in these types of policies.”