Cyber security insurance is one of the fastest growing sectors in the insurance market, on track to be worth $7.5 billion globally in annual sales by 2020, up from $2.5 billion this year, according to PwC.
For Irish companies who have not yet considered it, now might be a good time. “It’s not wildly expensive considering the risk you are insuring, although it is quite narrow in terms of what it covers,” says Colm McDonnell, head of risk advisory services at Deloitte.
“Such products typically cover the cost of the recovery, rather than the cost of the loss,” he explains. “If you’ve been hacked for example, and Deloitte comes in to clean it up and contact all your customers and so forth, it will cover the cost of that. As such, it’s not unlike business continuity, disaster recovery insurance or traditional fraud insurance.”
For corporates, market leader AIG’s CyberEdge product covers data liability, including the financial consequences of losing or misappropriating customer or employee data. It covers forensic services following a data breach, assistance to repair company and individual reputations, breach coaching and associated notification costs. The potentially significant costs and expenses of a data protection regulator’s investigation and any fines arising are also covered, as are the costs of restoring, recollecting or recreating data after a leak or breach.
For individuals, the main protection against cyber crime is simple mobile phone insurance. “Not alone are people carrying information about things such as banking on their phone, the phones themselves are worth a fortune – it will cost you €600-€700 to get a new smartphone. A result is that, whereas five or six years ago, people weren’t inclined to spend extra money on insurance, now they are,” says Mark Gardiner head of products and services at mobile phone network Three.
“And insurance costs have not risen in line with the cost of smartphones. Our entry level product is still €3.99 a month.”
Customers who report their phone lost or stolen within 24 hours are covered for up to €1,500 in reimbursement costs for any use of their phone over that 24-hour period, if, for example, a thief used it for long-distance calls.
And, as the use of near-field communications (NFC) payments grows, which will see consumers buy goods by tapping their phone at an in-store terminal, similar to debit and credit cards currently, awareness of the value of phones will grow, he reckons.
Another element of cyber crime attracting interest from insurers is that of corporate reputation. This year saw the launch in Ireland of RiskEye, a reputation management service aimed at providing businesses with the tools to protect their good name online.
Backed by AIG, the initiative is joined by a PR firm, a law firm and online monitoring specialist Cloud90. Working together, the aim is to protect against online threat, specifically online defamation.
Users pay a monthly subscription which is in effect an insurance premium that will cover the costs of any action taken to manage and defuse online threats, including public relations’ help and legal costs of up to €50,000. Prices start at €30 a month.
“Everyone has the right to their reputation but the online world is largely unedited, it’s the wild west in terms of what people can say about your business, and that’s a risk that makes people nervous,” says head of information security at RiskEye, Sarah Holland. “We saw a niche opportunity to respond to that risk by providing a service that is available to everybody. Prior to RiskEye it was really only big companies that could afford this kind of expertise.”