Who doesn’t know somebody that was exposed or suffered some sort of data loss due to a cyber-attack or data breach? In recent years, cyber risk (or cybersecurity risk) has become a major concern. Organizations are becoming more vulnerable to cyber threats due to the increasing reliance on computers, networks, programs, social media, and global data. A breach/loss of data can have a massive negative business impact.

So, next to the obvious IT-set-up protection against such risks, how well do specific insurances play out? Because it is a domain that has recently grown into maturity. Let us take you to the insurance side of cybercrime.

What is cyber-risk all about? 

A cybercriminal has a couple of ways to ‘invade your company’s privacy’. First, there’s the most known unauthorized access to the computer system and/or website, by penetrating or bypassing existing security systems, the ‘hack. A network ‘intruder’ uses, for example, computers with out-of-date patches to install malicious software. It’s therefore advisable to insure against the consequences of the loss/theft of data and/or cyber-attacks. The latter can additionally have the form of ransomware or a scam/phishing case or the newest member of the family: crypto-jacking. The latter has the intent to use the processing power of the victim’s computers and then generate cryptocurrency.

By the numbers …

Already between 10 and 20% of Belgian companies are insured against some form of cybercrime. Which is a good thing, considering the risk of data and other significant losses. But one might consider if those numbers shouldn’t be way more? For example, in 2018, 7 out of 10 companies were targeted in a cyber-attack. In May 2021, Belnet, the company that provides internet services to the country’s government agencies, was victim of a distributed denial of service (DDoS) attack. An attack designed to prevent the availability of certain online services by overloading servers with data.

Also, claims have increased by a factor 17 from 2013 to 2018. Between 2018 and 2020, multiple insurers reported the number of claims roughly doubled. It is known that on average, after a cyber-attack, the operating loss is equivalent to almost 3 working days. So, it’s to be expected that companies will get more and more insured. By 2027, it’s estimated that global premiums will go from €2.7bn to €30.7bn, that’s roughly times 11 in 5 to 6 years. Impressive numbers …

Who’s to blame?

But there’s an uncomfortable truth to be told. The biggest threat to cybersecurity lies within the company: its own users/employees. Cybercriminals exploit those weak links without mercy. Because no matter what security is in place, no matter if all software and hardware is perfectly in shape and up-to-date, even the most conscientious employees make mistakes. And hackers know that a single slip-up is all it takes to expose a business to a massive cyber fraud. And don’t forget, the time that only a pc or a laptop, connected to the internet, was vulnerable is already way behind us. Also, mobile devices are the ones that are targeted now. So, in addition to insuring assets, people should be educated about the possible lurking perils that could cost their companies dearly …

And does it need to be said that prevention reduces the risk? So, the insurer of choice will play this card. And they will do so by imposing several measures as a condition: daily/weekly back-ups, antivirus, firewall, up-to-date software, and hardware, …

What does insurance bring to the table?

A company’s turnover is the key factor to determine what type of coverage is needed and what could be the size of the damage suffered. Typically, 10-million-euro turnover is the threshold to distinguish between medium and large enterprises.  For the latter, most insurers will offer a tailor-made solution. Guaranteed capital amounts may vary from €50.000 to €2.000.000, with worldwide coverage. Cyber-type policies are usually quite broad in terms of the guarantees offered. They cover the own damage – think operating losses continuity costs and the restoration of data and software – as well as the damage to third parties, such as GDPR-related issues, administrative and contractual fines, trademark violations, …

Conclusion

This domain is probably one of the most recent innovations in insurance. In the past 2-3 years, an attack was suffered by many small and large companies, sometimes leading to substantial losses. It is assumed that almost every corporation will face an attack someday, and when all measures fail, an insurance might compensate for the damages suffered.   

Did you read this article with great interest? You want to grow your career in insurance? Then maybe you are the consultant we are looking for! Because a DynaFin consultant knows the insurance business like the back of the hand. You are also up-to-date with the products and legislation that our customers deal with on an everyday basis.

So, if you have in-depth knowledge of insurance or you would like to know more about insurance, then feel free to look at our careers page. If you are interested in an exciting career, please send your CV to alexia.soreil@dynafin.be.