Insurers have met with the Government to discuss the issues surrounding cyber insurance – and have pushed for more streamlined Federal regulation.
The House Committee on Small Business, chaired by Republican congressman Steve Chabot, heard from small businesses associations about the importance of cyber insurance.
Celebrate excellence in insurance. Nominate a worthy colleague for the Insurance Business Awards!
Rep. Chabot opened the hearing by outlining the threat to small businesses, which highlighted the need for wide-ranging cyber insurance uptake: “Sixty percent of small businesses that fall victim to a cyberattack close up shop within six months and the estimated average cost of a cyberattack on a small business is over $30,000.”
Of course, the need for small business to take up cyber policies is already known to the insurance community. This was a chance, however, for insurers to tell the Government what needs to be done to help remedy the pick-up rate of cyber insurance by small business owners.
Globally, less than 5% of small and midsized businesses (SMBs) have cyber insurance. In the US, that number jumps to 19% – but that is still strikingly less than the 70% uptake of cyber policies by large businesses.
So for brokers, that means there is a lot of opportunity, especially since – as one Committee member noted – SMBs are often considered by hackers to be “low hanging fruit”.
Erica Davis, SVP and head of specialty products E&O at
Zurich North America, speaking on behalf of the American Insurance Association, told the Committee that “standardization” of regulatory processes would help insurers sell to SMBs, as education, marketing, and costs would come down.
“Finding solutions to the most complicated of cyber risks will require collaboration between the insurance industry, governments, academia and other think tanks to establish standards, encourage information sharing, build resilience and create adequate global governance,” she said.
“Because there is a myriad of state laws governing data breach, we are interested in a national, uniform standard on data security and breach notification.”
The sentiment was echoed by Eric Cernak, VP and practice leader for US cyber and privacy risk, speaking on behalf of the Reinsurance Association of America (RAA) and the Property Casualty Insurers Association of America (PCI).
He highlighted a 2016
Hartford Steam Boiler survey which quoted the three reasons SMB participants stated they did not purchase cyber policies: the claim that they didn’t need it; cost; and the fact “the process was too complicated and confusing.”
“Insurance companies need to monitor the evolving state, federal, and international privacy and data protection laws … For example, there are 48 different state breach notification/data protection laws with which a small (or large) business must comply,” Cernak said.
“It is … important to US businesses for federal and state governments’ lawmakers, regulators, and other entities focusing on cybersecurity and evaluating potential regulatory changes, to develop clear, consistent requirements and to avoid a patchwork of different requirements and standards.
“The entire insurance and reinsurance industry (as well as consumers) benefit from uniform, consistent standards that are both proportional and flexible enough to work in an ever-changing cyber environment.”
Related stories:
House introduces cybersecurity bill aimed at private-public cooperation
Big data, cybersecurity concern nation’s insurance regulators