Cyber Risk Insurance 1

CYBER RISK INSURANCE

By (name)

Name of the class (course)

Professor

University name

City where located

Date
 Cyber Risk Insurance 2

Like any other business, a firm may store, use, transfer and manage large electronic data. The

data may include the customers’ information, tax records, sales report, administration information,

vendors’ information, employees’ records, information, and other information. In one way or another,

the data stored can be damaged, stolen, compromised or lost. The systems can burn up, crush, be

stolen or be damaged losing all the information stored in. The cost of restoring the information lost

can be quite a large budget. The firm, however, may also be accountable for the third parties damages

in case the information was stolen (Malhotra, Y. 2017) Moreover, the organization may be required to

notify the affected individuals by the breach, which will need the company to foot the notification

bills. Cyber risk insurance is a policy plan that is set to help an organization or an insured institution

to cover some or the whole budget of data recovery and data breach.

Cyber risk insurance is also known as cyber liability insurance covers several risks. The risks

are determined by the nature of loss or occurrence. The cause of loss can be fraud, theft, damage from

natural disaster or accidents. In case of theft or fraud, the company may be required to foot the

liability cost, which is the cost, incurred by third parties or the company’s clients because of data

breach or cyber-attack. The company, however, must also spend on system restoration and data

recovery and notification expenses where the firm notifies all the affected party on the data breach.

The company may find itself in a class action lawsuit, and exceptional regulatory charges may be

incurred. The damaged system maybe from accidents, fire, floods or any other cause, the company

may suffer the cost system restoration and data recovery (Eling, M. and Schnell, W. 2016, 17)

Quantifying and assessing the risk exposer in terms of money is always a challenge to many

organizations due to the dynamic nature of the technology. However, when evaluating the risks, it

sometimes possible to measure and quantify the organization’s risks in economic terms. The

quantification helps the company to manage the risks and helps in better decision making. There is

cyber exposure quantification where the insurer can analyze the impact of an incident or a breach on

the insured organization using cyber scenarios that are technically sound. These scenarios are

examined to give out estimated losses results using the cost models. The company through the events

scenario can estimate the data breach impact (Cherdantseva, Y., Burnap, P., Blyth, A., Eden, P.,
 Cyber Risk Insurance 3

Jones, K., Soulsby, H. and Stoddart, K. 2016, 22). A scenario is investigated; the consequences of the

breach are quantified in economic terms. For example, if the breach would affect third parties and

customer’s information, the notification charges are estimated according to the number of the affected

individuals.

However, the company can also quantify the risk in terms of losses made in dollars. An

analysis of an event scenario is carried out to find out an estimated amount that a business can suffer

due to a data breach or cyber-attack. All the claims that might be raised are quantified in monetary

value. Moreover, the company can quantify the risk in terms of business interruption. A data breach,

cyber-attack or system compromise can interrupt a business or cripple the business technologically. A

company can quantify the risk by estimating the total loss the company will suffer due to business

interruption (Pal, S. and Mukhopadhyay, A. 2018)

Cyber risk insurance is as essential as any other policy. You can imagine running into an

accident, hurt yourself and another party and you don’t have insurance. It would be too expensive for

you and burdensome that you would opt being jailed. The same happens in the event of cyber-attack

or data breach. Most the small business owners don’ believe there is a need to take a risk insurance

policy. They tend to think that hackers and internet villains are only interested in big sharks where

they would scoop large sums. But according to recent findings, Kshetri, N. (2018, 9) study show that

SMEs suffer cyber-attacks frequently than large companies. This is because; hackers have found that

SMEs are easy to break through. Therefore, SMEs cannot just assume that only large companies

should be concerned with cyber risk insurance.

Modern organizations need this insurance policy. In the world today, technology is taking

over. Every company is storing its information in an electronic method. Many businesses prefer

recording their daily activities and data on computers. The data stored can easily be compromised,

stolen or be breached. The consequences of a cyber-crime can be too expensive for a company to

bear. The company might be forced to use all its wealth on compensation and liabilities thereby

crippling the company. With the loss of critical information might push a company into a legal
 Cyber Risk Insurance 4

situation, which requires funds. With the help of this insurance policy, the company will not have a

heavy burden to carry. The compensation from the insurance will help the business solve and face the

impacts (Radanliev, P., De Roure, D., Cannady, S., Montalvo, R.M., Nicolescu, R. and Huth, M.

2018, 15)

Stories have been said and written about the impacts of data breach and cyber-attack on multi-

national companies, government organizations and charity organization with huge donations, buying

and selling sites. Some sunk never to rise again. Others were crippled financially due to liability and

restorations cost, making it hard for them to recover. The importance of this insurance policy is

clearly stated though many businesses don’t seem to understand (Tosh, D., Shetty, S., Sengupta, S.,

Kesan, J. and Kamhoua, C. 2017, 22)The most significant benefit of insuring a cyber risk is the

compensation or the cost covering that is done by the insurer in case of an incident. Many companies

believe they are safe from malicious action and hacking. However, a significant number of companies

have suffered a data breach or loss due to the reckless operation of employees. Mistakes do happen,

and no one can predict that an error will not or will happen. Dealing with a cyber-attack scenario or

impact can be very expensive, but the cyber risk insurance is designed to cover the cost related to the

breach.

However, there are several challenges of insuring a cyber risk. Insurers have trouble in

defining cyber-attacks. Because of the dynamic nature of technology, the insurers lack a clear

definition of how threats can influence the insurer. This makes it hard for the insurer to do an explicit

estimation or quantification of the impact or the risk. Moreover, many businesses are in a dilemma of

whether they should spend on policy or prevention of data breaching. Many companies prefer

investing in better firewalls, upgrading system security and cyber protection rather than purchasing

the insurance policy. The fact that many companies do not fully understand the cyber risk confronting

them; they do not seek insurance help or mind to find out the available policies (Radanliev, P., De

Roure, D.C., Maple, C., Nurse, J.R., Nicolescu, R. and Ani, U. 2019, 13)
 Cyber Risk Insurance 5

There are different types or parts of cyber risk insurance policies. These policies are contracts

that the company enters with the insurer, and the insurer is expected to pay in case the risk happens.

The first policy is the first party coverage. This policy covers the cost of lost or damaged electronic

data. In case of damage, theft or compromise of the stored data, the plan covers every cost associated

with it including data recovery, system restoration, expert consultation and any hiring involved. The

policy may also cover the loss of income and any extra expenses to avoid collapsing or shutdown of

the business.

Moreover, the policy may cover cyber extortion losses. This is where a hacker penetrates a

company’s system and threatens to destroy the system, damage the data, shut down the system,

compromise or release confidential data to the public unless he is paid some amounts. Eling, M. and

Schnell, W. (2016, 14) explain that the insurance would cover that cost by paying the bandit. This

policy also includes the notification cost that a company may incur in notified the individuals whose

information has been breached. Some insurers may cover the reputation damage by covering the

marketing and the public relations budget.

The third party policy covers all the claims settlements and damages. This policy covers

network security liability where a company might find itself in lawsuits charges due to a data breach.

A case can be raised against a company that it was unable to safeguard the clients’ information. This

policy covers the cost. The policy may also cover error and omission liabilities. A software company

can take a policy that will cover it from claims arising out of software mistakes, coding errors, and

omission. In general, the policy covers the firm against the stated claims made by a third party due to

data breaching (Biener, C., Eling, M. and Wirfs, J. 2015, 18)

The planet s quickly evolving, and most businesses are fighting to digitalize all their

processes. Companies are determined to process, manage and store data electronically. Many markets

are now turning to online stores where one can use their credit cards to purchase. Therefore,

companies are turning into data companies where a lot of personal information of customers,

employees and the company are stored electronically. The presence of online villains has quickened
 Cyber Risk Insurance 6

the minds of entrepreneurs, and they are investing heavily on data security and firewalls to make sure

the company’s data is safe from hackers (Eling, M. 2018, 77) However, the technology is also

evolving quickly and hackers are inventing new ways of cracking into the system every day. This

gives insurance companies a chance to introduce this new policy in the market, the cyber insurance

policy. As we grow technologically, the need to insure a business against cyber-attack will rise and

become a necessity. This means the future seems to be brighter for this policy

It is the desire of all underwriters, insurers and insurance brokers that there be as few claims

as possible. If more claims are made, the insurers will suffer losses. This tells that shortly, the cost of

cyber risk insurance will rise to facilitate the high number of claims. However, to counter this

problem, a training session should be considered. All employees should be sensitized and educated on

errors and mistakes that are caused by reckless and bad cyber behaviors. If the training is done

successfully, the insurers will always be receiving few claims. Otherwise, the claims will be many,

and few insurers will be willing to insurer companies. Anyhow, many companies are going to

embrace the cyber insurance policy out of need. The risk of shutdown due to information loss or data

breach cost will drive many companies into taking the policy.

In conclusion, cyber risk insurance has become a necessity for every data company. Since the

late 1990s, technology has dramatically evolved and embraced in the economic world. In the same

way, technological risks have raised and changed as technology excels. Initially, cyber risk insurance

was not in the market. It has found its way in the world market due to the increased cases of cyber-

attacks and data breaching. The current world today does not fully understand the scope of the cyber

risk they are exposed to which makes them not to seek the policy. However, as the world evolves and

online transactions become part of every business, companies will run to insurers for cyber liability

insurance.
 Cyber Risk Insurance 7

References

Malhotra, Y., 2017. Advancing Cyber Risk Insurance Underwriting Model Risk Management Beyond

VaR to Pre-Empt and Prevent the Forthcoming Global Cyber Insurance Crisis. Available at

SSRN 3081492.

Eling, M. and Schnell, W., 2016. What do we know about cyber risk and cyber risk insurance?. The

Journal of Risk Finance, 17(5), pp.474-491.

Cherdantseva, Y., Burnap, P., Blyth, A., Eden, P., Jones, K., Soulsby, H. and Stoddart, K., 2016. A

review of cyber security risk assessment methods for SCADA systems. Computers &

security, 56, pp.1-27.

Pal, S. and Mukhopadhyay, A., 2018. Cyber Risk Quantification and Mitigation Framework for

Healthcare using Machine Learning.

Kshetri, N., 2018. The Economics of Cyber-Insurance. IT Professional, 20(6), pp.9-14.

Radanliev, P., De Roure, D., Cannady, S., Montalvo, R.M., Nicolescu, R. and Huth, M., 2018.

Economic impact of IoT cyber risk-analysing past and present to predict the future

developments in IoT risk analysis and IoT cyber insurance.

Tosh, D.K., Shetty, S., Sengupta, S., Kesan, J.P. and Kamhoua, C.A., 2017, May. Risk management

using cyber-threat information sharing and cyber-insurance. In International Conference on

Game Theory for Networks (pp. 154-164). Springer, Cham.

Radanliev, P., De Roure, D.C., Maple, C., Nurse, J.R., Nicolescu, R. and Ani, U., 2019. Cyber Risk in

IoT Systems.
 Cyber Risk Insurance 8

Eling, M. and Schnell, W., 2016. What do we know about cyber risk and cyber risk insurance?. The

Journal of Risk Finance, 17(5), pp.474-491.

Biener, C., Eling, M. and Wirfs, J.H., 2015. Insurability of cyber risk: An empirical analysis. The

Geneva Papers on Risk and Insurance-Issues and Practice, 40(1), pp.131-158.

Malhotra, Y., 2017. Advancing Cyber Risk Insurance Underwriting Model Risk Management Beyond

VaR to Pre-Empt and Prevent the Forthcoming Global Cyber Insurance Crisis. Available at

SSRN 3081492.

Eling, M., 2018. Cyber risk and cyber risk insurance: status quo and future research.

Chase, J., Niyato, D., Wang, P., Chaisiri, S. and Ko, R., 2017. A scalable approach to joint cyber

insurance and security-as-a-service provisioning in cloud computing. IEEE Transactions on

Dependable and Secure Computing.