Global Perspective: As the risk of data theft continues to rise, the cyberinsurance segment is poised for significant growth

With the world digitalising at an increasing rate, the threat of cybercrime has risen dramatically in recent years, and emerging markets are no exception. While the shift towards online platforms – along with the development of the internet of things, smart cities and blockchain technology – is generating significant opportunities for wealth creation and helping to raise efficiency, it is also creating a new set of complex challenges for governments, businesses and individuals.

Cybercrime

The widespread nature of cyberthreats has led to a considerable increase in the cost of cybercrime. In 2015 UK bank Lloyd’s estimated that cybercrime, including direct damage and post-attack disruption to operations, cost businesses as much $400bn globally. The UN’s International Telecommunications Union (ITU) predicted that this figure will reach $2trn by the end of 2019, while industry analyst Cybersecurity Ventures expects global damages to cost $6trn by 2021, a figure that would make cybercrime more lucrative than the illegal drugs trade.

Cyberinsurance

The elevated threat, along with the rise in cost, is driving investment in protection, with global cybersecurity spending expected to total $1trn between 2017 and 2021. A growing share of this protection is cyberinsurance. While it is not considered an all-encompassing solution, cyberinsurance is an increasingly important form of security as companies, government institutions and individuals look to protect themselves from threats. Cyberinsurance generally covers clients from the losses stemming from cyberattacks or data theft within an IT network. Policies usually include first-party risk coverage, related to the businesses’ own assets, or third-party risk coverage, which deals with the assets of others, usually in the form of clients or customers. In terms of specific policies, coverage falls into one of three categories: standalone cyberinsurance; package deals provided within traditional policies such as general liability; and non-affirmative – also known as silent – coverage, whereby exposure to cybercrime is neither explicitly included or excluded from coverage, which can often lead to uncertainty and litigation during the claims process. While cyberinsurance was first developed in the 1990s to protect telecoms and professional services companies against the loss of customer data, many insurers in more developed markets now provide cyber-related services, such as prevention programmes and post-breach response services. Additional services offer customers more practical assistance than that offered by traditional insurance lines, such as deploying forensic investigators to look into the causes of the breach and offer solutions, public relations professionals to help with reputational damage and skilled negotiators to deal with ransom demands.

Read the full Global Perspective in The Report: Myanmar 2020