Cyber insurance polarises. Some view it as the one measure that will keep their company afloat after a cyber incident; others are convinced that it will not pay out in any case. Who is right?

In our discussion we will cover what cyber insurance is, what it is not and where the big open questions are.

AI Summary

Disclaimer: This session information was generated with the help of AI. The information has been reviewed and refined by the Swiss Cyber Storm team and the speakers before publishing.

Maya Bundt and Fabian Willi discuss the complexities and considerations surrounding cyber insurance, including its effectiveness, coverage limitations, and the role it plays in cybersecurity strategy. They explore scenarios where cyber insurance has been beneficial and others where it has fallen short, emphasizing the importance of understanding policy details and the evolving nature of cyber threats.

Key facts

In 2017, the NotPetya event resulted in approximately $10 billion in losses worldwide, highlighting the potential financial impact of cyber events.
The global premium volume for the cyber insurance market is about $15 billion USD, indicating the scale and financial capacity of the market.
Insurance penetration in the cyber domain is relatively low, especially among small and medium-sized enterprises (SMEs), with only about 10% having cyber insurance.
The expected global cost of cyber crime by 2025 is estimated to be $10.5 trillion, underscoring the growing threat landscape and the need for effective risk management strategies.

Ideas

Cyber insurance is a critical component of risk management for businesses, offering coverage for losses due to cyber attacks, including business interruption and data restoration costs.
The effectiveness of cyber insurance is often debated, particularly in scenarios involving large-scale cyber events like NotPetya, where exclusions such as war can limit coverage.
Cyber insurance policies are evolving to address new threats and needs, including coverage for ransom payments, but require careful reading and understanding of the fine print.
The cyber insurance market is responding to the increasing threat landscape by offering more comprehensive coverage options, but systemic risks pose challenges to insurability.
Cyber insurance can act as a catalyst for improving cybersecurity practices among insured companies, as insurers may require certain cybersecurity measures to be in place for coverage.

Keywords

Cyber Insurance
Coverage Limitations
Cybersecurity Strategy
Policy Details
Evolving Threats

Quotes

“if you really need it it won't pay”
“war is basically not an insurable concept”
“the economic loss is much larger than the insured loss”
“managing cyber risk nowadays has become part of the cost of doing businesses”

Recommendations

Businesses should conduct a thorough risk management process to understand their cyber risks before deciding on purchasing cyber insurance.
Companies should invest in cybersecurity measures not only to protect themselves but also to meet the requirements of cyber insurance policies.
Public-private partnerships could be explored as a mechanism to address insurability challenges for systemic cyber risks.

About the speakers

Maya Bundt

Multiple Board Member and President of the Steering Committee for the Implementation of the National Cyber Strategy

Dr. Maya Bundt is a senior leader and experienced board member with a passion for cyber, innovation, and people.

In almost 20 years with the global reinsurer Swiss Re she had a variety of roles in IT, Strategy, and Reinsurance. Since 2014 she was responsible for developing the cyber insurance strategy and successfully built the Cyber and Digital Solutions function and team; she also chaired the Swiss Re Cyber Council. She left Swiss Re in summer 2022 to serve as an independent director on the boards of Baloise, Valiant, and APG SGA.

Session

An Insider Perspective on Cyber Insurance – Yes or No?