Cyber Insurance is a term which is not found in the The Insurance Act 1938 which governs the Insurance industry in India. The Act defines besides “Life Insurance”, “General Insurance” services such as “Fire Insurance”, “Marine Insurance” and “Miscellaneous Insurance” .
Cyber Insurance is a business which comes under “Miscellaneous Insurance” which also covers “Motor Insurance”, “Burglary Insurance”, “Employee Fraud Insurance”, “Fidelity Insurance” etc.
While Life Insurance, Marine Insurance, Fire Insurance and also Motor Insurance are well developed parts of Insurance business where there is a huge actuarial data, Cyber Insurance is a relatively new form of Insurance in which there is little experience available in the industry. Out of the 28 licensed Insurance companies operating in India, hardly 5 or 6 companies offer Cyber Insurance.
At a time when the business systems in the country are adopting e-commerce in a big way and companies are building data assets with huge investments, there is a general feeling that there must be a good demand for insuring such assets from losses. Hence the business prospect for Cyber Insurance should be very attractive.
However, when we try to quantify the business prospects for Cyber Insurance, there is lot of uncertainty. First of all the demand for Cyber Insurance comes from the fear of loss which is related to
a) Loss of data through technological failures in a Company
b) Loss of data through frauds and cyber crimes in a Company
c) Loss arising due to third party claims following a data loss from an intermediary company.
The Cyber Insurance policy will have to be structured either for these specific losses or as a comprehensive policy including all causes.
The second factor that impacts the Cyber Insurance business is the value of assets building up in the hands of the users. If we ignore the asset build up in the form of hardware which can be covered under other conventional policies we need to look at the value of “Data” as an “Asset”.
Any technology person will vouch for the fact that the quantity of data building up in the society has increased many folds during the last two years. The “Big Data” industry says that between 2009 to 2020, the quantity of data being produced would grow by around 44 times.
The growth is so large that in order to measure data, we are trying to familiarize ourselves with new units of measurement beyond Gigabytes, to Terra bytes, Peta Bytes, exa bytes, Zetta bytes and so on.
Whatever be the value of data, the sheer volume presents a growth picture that is mouth watering for any businessman.
The value of a unit of data itself is not remaining static. Perhaps it is also increasing. Nearly 70% of the data is being created by individuals and most of it is handed over to companies for use, value addition and safe custody.
With laws such as HIPAA, GLBA, Data Protection Act, ITA 2008 etc, the intermediaries are required to protect the data and ensure protection of privacy rights of individuals. With increasing awareness of such laws and better enforcement, the liability that a company has to bear on account of third party data loss is also exponentially increasing.
Of course the cost of data produced within the company is also growing with increased cost of production due to increasing manpower costs and real estate cost.
With such developments, the value of data as an asset representing “Prospective Insurable Assets” is growing at an unimaginable rate. We can therefore expect that the gross market for insurance business will grow at 200% to 300% per annum for the next several years.
The last factor that determines the market for Cyber Insurance is the rate of premium. This is one area where we can see a reduction as the market matures and competition grows. However increasing levels of Cyber Crimes may tend to keep the rate from falling alarmingly and any way the crazy growth in the volume of data assets will ensure that the gross premium potential will be growing in tandem with the data volume growth.
In this background, any shrewd business entity would consider that Cyber Insurance is a gold mine ready to be harnessed. There is no need to look for quantification of the demand which is much more than any individual company can handle.
For records sake however, we may recall a recent study released by PWC titled “Insurance 2020 and beyond-Reaping the dividends of Cyber Resilience” which puts the Cyber Insurance market based on premium at around $ 2.5 billion today and set to grow to around $.7.5 billion by 2020.
It is difficult to cull out the statistics for India separately, but considering that the nation is looking at “Digital India” project with Smart cities, increased e-Governance, etc, the growth prospect in India could be higher than the average global figure represented by the PWC study.
According to the PWC study,
“some 90% of cyber insurance is purchased by US companies, underlining the size of the opportunities for further market expansion worldwide.
In the UK, for example, only 2% of companies have standalone cyber insurance.
Even in the more penetrated US market, only around a third of companies have some form of cyber coverage.
There is also a wide variation in take-up by industry, with only 5% of manufacturing companies in the US holding standalone cyber insurance, compared to around 50% in the healthcare, technology and retail sectors”
It is difficult to see many other business opportunities where the growth prospect is of this order.
So, if you are already in Insurance business but not in Cyber Insurance it is time to ask yourself “Why am I not in this business still?”
If you are little more adventurist, but not in the Insurance industry at present, it is time to think of entering this specialized field where competition is low but prospects are mind boggling.
Let’s explore more on this in subsequent articles..