This fact is well known, but the impacts for insurance are enormous, and are bringing huge (and rapid) change to the industry around the world. Legal advisors from 19 countries have highlighted different aspects of the digitisation of both risk and its associated insurance cover as a critical issue in Global Insurance Law Connect’s latest Risk Radar Report, which brings together trends from insurance markets around the world.
Cyber risk is outsourced and hard to manage
With the evolution of technology, corporations are finding ever-increasing numbers of digital options to become more efficient and lower costs. The pandemic has accelerated the requirement for digitisation, as businesses have been forced to change how they operate to meet their customers’ requirements.
While these changes are seen as mostly positive the risks associated with them are growing. In an online business the company’s data is its crown jewels, and yet companies store these jewels in third-party systems and on remote servers, accessible only via the cloud.
Of course, this simultaneously increases the risk of cyber-attacks as business data shifts to being managed by third parties. For many businesses across the globe, the risks are not yet fully understood. To protect their data they need to appreciate the challenges and mitigate the risks of outsourcing.
In addition to this, many governments across the world are also requesting open data standards. The implementation of such standards further increases the risk of malicious cyber activity; data can move to potentially lower security environments. Application Programming Interfaces (APIs) - which serve as digital bridges between software packages - can be exposed, with the increased flow of data providing cyber criminals with a constant source of data to mine.
New gateways to insurance products
During the pandemic, online insurance contracting has also proliferated, generating a series of synergies that have led consumers to find a simpler and more practical way of buying their insurance. For markets, like many in Asia, and much of Europe, where insurance was traditionally bought face-to-face from a local tied agent, often within a bank or savings mutual; this has been transformational.
Meanwhile in other emerging markets, such as Malaysia, Indonesia and the Philippines, customers across their many thousands of islands have gained access to online insurance for the first time – bringing huge potential growth for insurers in these relatively untapped territories.
For China, the first country hit by the pandemic, and the first to recover; coronavirus has also stimulated a demand for new clauses in insurance contracts and for new types of cover, increasing its online health insurance market exponentially. This pattern has been followed in other countries where health systems are patchy, including Mexico and Brazil.
It is remarkable how consistently our legal teams across the globe have reported that digital innovation is a significant feature of their current insurance market, and although the nature of the change varies by country, the theme does not – insurance products and ways of selling are changing, and if they are not available online now, they soon will be.
Virtual claims climbing steadily
In most countries, there has been significant growth in the number and cost of digitally-linked claims. One reason for this development is increased pandemic-induced vulnerability from homeworking IT systems. In addition, many companies are still ill-informed about their own IT security and the increasingly skilful malice of cyber assailants.
In France, the number of cases handled by Anssi, the French national agency for information systems security, reportedly increased fourfold in 2020 compared to 2019 for ransomware alone. The annual loss as a result of cyber incidents in the Netherlands is now approximately €10 billion. Perhaps surprisingly, the number of companies affected by cyber incidents is falling, but the amount claimed per incident is growing rapidly.
The maturity of the cyber insurance market varies across the globe. For example, in Turkish law there is no regulation directly related to cyber insurance. However, insurance companies are offering coverage. Meanwhile, in Australia regulators are holding corporates and government agencies responsible for cyber security controls and (mis)representations about privacy practices with cases being decided in court.
An uptick in cyber-related losses is forcing insurers to ask tougher questions and often provide less cover than before. Cyber risk coverage must be properly understood by insurers, brokers and policyholders if prices are not to continue to rise and capacity reduce further.
How is the insurance industry responding?
The shift towards a world of digital risk has, until now, be primarily focused around the huge growth of the cyber insurance market across the world. Around the world, insurers continue to grow in this space with innovative solutions to support different groups of clients.
In France, for example, insurers are offering coverage for cyber cover for civil liability, business interruption and provide emergency hotline services, specialised adjustors, IT experts and legal counsel. However, as is the case in many countries, cover for the reimbursement for ransom is not yet current practice.
New solutions are beginning to be found. The Lloyd’s Lab is bringing a new generation of startups into the market in a truly effective way, launching innovative insurers such as Parametrix, who offer digital business interruption cover, monitoring the connectivity of key cloud data centre suppliers and paying out direct to the client when they detect a loss of connectivity, without the supplier needing to make a claim.
Regulators certainly have a part to play, and many have promoted innovations through the establishment of ‘sandbox’ environments for insurtechs. However, it was clear from our report that some regulators are prepared to go further. In Switzerland, regulators are reducing some Solvency II restrictions on insurance businesses so that they can innovate and stay ahead of any technology. While this is a single example, regulators in many countries are reviewing their current policy and regulatory instruments to meet the ever-changing environment and are holding corporates more accountable for customer data, as well as their own data.
What is needed to shift businesses to a focus on virtual risk?
As insurance companies promote more rigour among corporate customers on preparedness for cyber-attacks, businesses require access to tailored solutions, as well as coverage thresholds that meet their needs. Cyber liability policies are now as critical to a business as a property liability policy, given the upward trend of cyber-attacks and the increasing scale of their impacts.
Such demand could drive capacity challenges when coupled with higher claims. It is currently a strong growth market, and the industry is responding with innovative solutions and paying out claims quickly. However, it may ultimately be necessary for governments and the private sector to work together to help to mitigate digital risks fully.
Meanwhile, insurers are, at last, pushed by the pandemic, embracing many innovations, creating and amending products; shifting their distribution channels and moving their data online. Perhaps the pandemic has given the insurance industry worldwide a push that it has been needing for a very long time.