X-Analytics Study Also Reveals Customers' Inability to Quantify Cyber Risk.
A new study of the UK cyber risk insurance and broker community reveals startling findings. First and foremost, the insurance industry needs to address non-affirmative cyber in a meaningful way. Second, measurement of cyber risk in financial terms is highly deficient among insurance customers and the insurance industry itself. Finally, a series of catastrophic cyber events or a systemic cyber event will drastically alter the way in which insurers measure the risk profile of each applicant.
The survey was sponsored by Secure Systems Innovation Corporation (SSIC), the cyber risk management firm that created X-Analytics[R], the world's first cyber risk model that quantifies the economics of cyber risk.
'Silent' Cyber Risk is Key Market Growth Inhibitor.
More than three-quarters (77 per cent) of UK cyber risk insurance brokers and insurers believed that the insurance industry needs to urgently address non-affirmative cyber or 'silent cyber' in a deeper, more meaningful way. Silent cyber refers to instances where cyber perils (such as service interruption or data breach) are neither explicitly included, nor explicitly excluded, by an insurance policy's wording. There was also a recognition that this problem could not be resolved swiftly, according to 22 per cent of respondents.
Lack of Cyber Risk Understanding Inhibits Purchasing
Responses to a separate question on why cyber insurance is not being purchased by more companies as a means of transferring risk indicated that companies 'not understanding policy coverage' and 'cyber policies were still too confusing and did not tie easily to known cyber peril categories,' were the second and third most heavily-weighted responses respectively. The most significant factor holding back the market from the buyer's perspective was firms 'not understanding their own risk exposures,' according to respondents.
Inadequate Customer Measurement of Cyber Risk
Results also reveal that an astonishing 89 per cent of respondents know that their customers either have an inadequate method for measuring the cost of a data breach or remain unsure of their customers' data breach measurement capability. The same percentage (89 per cent) said that customers could not adequately measure the potential impact of a cyber extortion (e.g. ransomware) event.
Customer measurement capability across other cyber perils fared little better. Eighty-seven per...