On October 11, 2017, the National Association of Insurance Commissioners and the Stanford Cyber Initiative held a joint conference on various topics related to cyber insurance. Below are key takeaways and hot topics discussed by the panelists:
- Companies are becoming increasingly interested in brand/intellectual property coverage to mitigate intangible harm. Some panelists expressed that this is the biggest unmet need in cyber insurance. They suggested one way to address this gap may be to add a special BIPD component to cyber policies.
- There is a rising demand among small and medium-sized businesses (SMB) for cyber insurance that panelists attributed to an increasing realization that a single breach can be catastrophic. While SMBs do not have access to the same range of coverage as larger companies, the industry is working to identify a sustainable method to provide services at palatable rates.
- Panelists reported that they are running models where 100 percent loss is assumed, which is transforming the way they consider and map risk. Some panelists suggested cyber policies should be structured and priced similarly to terrorism-risk programs.
- Pricing of cyber policies was a reoccurring theme throughout the conference, with all of the panelists seeming to agree that the price of policies is currently too low and that insurance companies should do more to incentivize quality cyber practices through differential pricing. One panelist promoted the idea of forcing companies to reduce unnecessary complexity in their systems to reduce price, while another suggested that insurance companies price policies based, in part, on a real-time analysis of the cyber health of the entity from an external perspective.