In the rapidly changing world of cyber risk, you have to think ahead. So when I read that Ari Schwartz, the White House Director of Cyber Security, had offered his views on the future of cyber insurance at a recent conference, it was hard to ignore. Schwartz said that by 2020, private firms will be buying cyber insurance, just as they do for property and liability coverage and other basic insurance policies. According to Schwartz, it will be a coverage that all businesses need to buy. He said that although cyber insurance is growing, insurers are reluctant to underwrite policies without the actuarial data they need. Demand for cyber insurance, he said, is surpassing supply.
Usually, I’m not comfortable predicting the future. In this case, though, I think Schwartz may be spot-on. The need for cyber insurance is growing every day as phishing, cyber extortion, and data breaches become more common and affect more and more people. The data breach at Home Depot is only the most recent example to make the news. Healthcare.gov, Bartell Hotels in San Diego, and Memorial Hermann Health Systems in Texas are all among those that have recently suffered data breaches.
Such incidents are still relatively new from an actuarial perspective, Additionally, it can be difficult to predict costs and price insurance. Taking this into account, ISO announced a strategic collaboration in July with IDT911™ (IDentity Theft 911®). The collaboration will help ISO better understand the cost of data breaches and provide a more complete picture of cyber risk.
In the meantime, if you want to enter the cyber insurance market or learn about any of ISO’s various cyber offerings, visit the ISO Cyber Risk Solutions website, www.verisk.com/cyber or e-mail me at sdougherty@iso.com. You can also follow me on Twitter @doughertyshawn.