Preface: Gartner does not cover cyber insurance. I am not supposed to talk about it. This post is not an opinion on cyber insurancewhich is about what we can learn about cyber risk based on how cyber insurers view their own financial risk.
Let’s take a look at the following actual (likely) numbers we’ve seen recently in cyber risk policies:
Mutual Aid: 50%
By calculating that the client was being asked to pay $1 million, we were only effectively profiting $5.5 million. (50% co-insurance is actually He’s 15 minutes limit reduced to He’s 7.5 minutes benefit, minus deductible and premium).This gives me a simple calculation of the price of risk (premium over profit) as About 15.5% of profit.
Then compare it to auto insurance (again using actual (likely) numbers from major US insurers).For this I have deducted everything except the collision of the property itself and the comprehensive insurance.
Mutual Aid: 0%
If we price this risk at $900 and the benefit at $74000, then: 1.2% of profit – Given the unpredictability of automatic losses, which is an eye-opening difference.
What about liability and all the things I took out of car insurance?Adding them back in would raise the profit significantly to $375,000 for the $1400 premium, and the price of that risk would be Less than 0.5%.
In other words, this particular cyber insurer set its cyber risk at more than 10 times its auto damage risk. Add responsibility and the factor multiplies by more than 20.
How about something really exotic, I race motorcycles in Italy. From an insurance point of view, it has to be really expensive, right? (Again, removing liability), a profit of $45,000 on a $600 premium, my insurance company estimates the risk of losing my bike. at the racetrack Just: 1.3%
Are you 10 times more likely to suffer a loss due to cyber than to be in a car accident? Just understanding the difference can tell you a lot about where you feel your actual risk lies.
Given that driving a car is the most dangerous normal activity many of us do, it’s hard to believe that cyber risk is dangerous. that much bigger! Your conclusion is that these companies seem to factor in an enormous amount of unpredictability into their risks – our boards probably should too.