Cyber Insurance is the New Trend
Cyber Insurance is an insurance product to protect businesses and individual users from internet-based risks, and more generally from risks relating to information technology infrastructure and industry. As one of the leading insurance and reinsurance companies, Axis Capital with a group of companies from Bermuda, Singapore, US, UK and Australia, cyber Insurance coverage includes first party coverage against losses such as data destruction, extortion, fraud, scams, theft, hacking, and denial of service attacks.
In the 1990s, early works on this field is focused on the general merits of cyber insurance. When the perspective of information security became more prominent in the late 1990s, visions of cyber insurance as a risk management tools were formulated. With the start of this insurance, the market failed to thrive and remained in a niche for unusual demands as coverage is tightly limited and clients need to qualify as SMBs. The highest rate that the insurance would get is in 2005 which is five times higher than the size of the market in 2008. Overall, in relative terms, the market for cyber-insurance shrank as the Internet economy grew. In practice, a number of obstacles have prevented the market for cyber-insurance from achieving maturity. The spread for insurance had affected this slow growth as developing countries like Jakarta, Indonesia, Cambodia, Kuala Lumpur, Malaysia, South Africa, etc have cyber insurance in the least of their priorities. Legal and procedural hurdles also caused the insurance to be unpopular among nations in which it brought complaints and frustrations when claiming compensation for damages. Meanwhile, witnessing thousands of vulnerabilities, millions of attacks, and substantial improvement in defining security standards and computer forensics calls into question the validity of these factors to causally explain the lack of an insurance market.
In spite of improvements in risk protection techniques over the last decade due to hardware, software and cryptographic methodologies, it is impossible to achieve perfect/near-perfect cyber-security protection. The impossibility arises due to a number of reasons:
• Scarce existence of sound technical solutions.
• Difficulty in designing solutions catered to varied intentions behind network attacks.
• Network users taking advantage of the positive security effects generated by other users' investments in security, in turn themselves not investing in security and resulting in the free-riding problem.
• Customer lock-in and first mover effect of vulnerable security products.
• Difficulty to measure risks resulting in challenges to designing pertinent risk removal solutions.
• The problem of a lemons market, whereby security vendors have no incentive to release robust products in the market.
• User naivety in optimally exploiting feature benefits of technical solutions.