Insurance 2020 & Beyond: Reaping The Dividends Of Cyber .
Fast growing demand for cyber insurance offers a huge commercialopportunity for insurers and reinsurers, but could also expose theindustry to potentially devastating losses. How can your businessdevelop the risk evaluation, risk pricing and risk transfer structuresand capabilities to put cyber insurance on a sustainable footing?Insurance 2020 & beyond:Reaping the dividends ofcyber resiliencewww.pwc.com/insurance
ContentsIntroduction:Worth the risk?4Cyber vulnerabilities:A risk like no other7Cyber insurance market growth:The need for a more sustainable solution10Cyber sustainability:Genuine protection at the right price12Conclusion:Sharpening differentiation and return17Contacts18PwC Insurance 2020 & beyond: Reaping the dividends of cyber resilience 3
Introduction:Worth the risk?Welcome to ‘Reaping thedividends’ of cyber resilience,the latest viewpoint in PwC’sInsurance 2020 and beyondseries.1Cyber insurance is a potentially huge, but still largely untapped, opportunity forinsurers and reinsurers. We estimate that annual gross written premiums are setto increase from around 2.5 billion2 today to reach 7.5 billion3 by the end of thedecade.Businesses across all sectors are beginning to recognise the importance of cyberinsurance in today’s increasingly complex and high risk digital landscape. In turn,many insurers and reinsurers are looking to take advantage of what they see as a rareopportunity to secure high margins in an otherwise soft market. Yet many others arestill wary of cyber risk. How long can they remain on the sidelines? Cyber insurancecould soon become a client expectation and insurers that are unwilling to embraceit risk losing out on other business opportunities if cyber products don’t form part oftheir offering.In the meantime, many insurers face considerable cyber exposures within theirtechnology, errors & omissions, general liability and other existing business lines.The immediate priority is to evaluate and manage these ‘buried’ exposures.Critical exposures1 www.pwc.com/insurance/future-of-insurance andwww.pwc.com/projectblue2 Speech by John Nelson, Lloyd’s Chairman, at theAAMGA, 28 May 2015 es/2015/05/vision2025-and-aamga)’3 PwC estimate (see page 10)4 ‘UK Cybersecurity: The role of insurance inmanaging and mitigating the risk’, UK Government,March 20155 ‘Net Losses: Estimating the Global Cost ofCybercrime’, Centre for Strategic and InternationalStudies, June 2014. The report estimates thatthe annual losses are between a “conservativeestimate” of 375 billion and a “maximum” of 575billion, giving a “likely” estimate of “more than 400 billion”.So why is there so much scepticism over cyber insurance? Part of the challengeis that cyber risk isn’t like any other risk insurers and reinsurers have ever hadto underwrite. There is limited publicly available data on the scale and financialimpact of attacks. The difficulties created by the minimal data are heightened bythe speed with which the threats are evolving and proliferating. While underwriterscan estimate the likely cost of systems remediation with reasonable certainty, theresimply isn’t enough historical data to gauge further losses resulting from brandimpairment or compensation to customers, suppliers and other stakeholders (aswe explore later, new scenario-based techniques are needed). A UK Governmentreport estimates that the insurance industry’s global cyber risk exposure is alreadyin the region of 100 billion4 ( 150 billion), more than a third of the Centre forStrategic and International Studies’ estimate of the annual losses from cyber attacks( 400 billion)5. And while the scale of the potential losses is on a par with naturalcatastrophes, incidents are much more frequent. As a result, there are growingconcerns about both the concentrations of cyber risk and the ability ofless experienced insurers to withstand what could become a fast sequenceof high loss events.4 PwC Insurance 2020 & beyond: Reaping the dividends of cyber resilience
“ while the underwriting of cyber risks provides opportunitiesfor Lloyd’s syndicates, Lloyd’s is concerned that without propercontrols there exists a material risk of a dangerous aggregation ofexposure in the market. Lloyd’s is also concerned that cyber riskmay not be being properly priced for, nor the exposures adequatelyquantified by managing agents”.Tom Bolt, Director, Performance Management, Lloyd’s6Insurers and reinsurers are charginghigh prices for cyber insurance relativeto other types of liability coverage tocushion some of the uncertainty. Theyare also seeking to put a ceiling on theirpotential losses through restrictivelimits, exclusions and conditions.However, many clients are starting toquestion the real value these policiesoffer, which may restrict market growth.Sustainable footingIn this paper, we look at how cyberinsurance could be a more sustainableventure that offers real protection forclients, while safeguarding insurers andreinsurers against damaging losses.This includes more rigorous andrelevant risk evaluation built aroundmore reliable data, more effectivescenario analysis and partnerships withgovernment, technology companiesand specialist firms. Rather than simplyrelying on blanket policy restrictions tocontrol exposures, insurers would makecoverage conditional on regular riskassessments of the client’s operationsand the actions they take in responseto the issues identified in these regularreviews. The depth of the assessmentwould reflect the risks within the client’sindustry sector and the coverage limits.This more informed approach wouldenable your business to reduce uncertainexposures while offering the types ofcoverage and more attractive premiumrates clients want. Your clients would,in turn, benefit from more transparentand cost-effective coverage. As youlook at how to strengthen balancesheet protection, we also discuss theoptions for more effective risk transferbuilt around a hybrid of traditionalreinsurance and capital marketstructures.Finally, we look at how your businesscould strengthen your own securityin relation to cyber risk. Insurers holdconsiderable amounts of sensitive clientdata, so effective safeguards are essentialin sustaining credibility in the cyber riskmarket and trust in the enterprise as awhole.#1Number 1 risk: Non-lifeinsurers taking part in thelatest Banana Skins surveyranked cyber risk as thebiggest risk facing theirbusinesses.7Cutting across this more sustainableapproach is a holistic view of cyberrisk, which looks at culture, people andprocesses, as well as technology. We callthis cyber resilience.If you have any queries or would like todiscuss any of the issues in this paper inmore detail, please speak to your usualPwC representative or one of the authorslisted on page 18.6 Lloyd’s Market Bulletin, 25 November 20147 806 industry participants from 54 countries wereinterviewed for Insurance Banana Skins 2015,a unique survey of the risks facing the industry,which was produced by the Centre for the Studyof Financial Innovation (CSFI) in association withPwC (http://www.pwc.com/insurancebananaskins)PwC Insurance 2020 & beyond: Reaping the dividends of cyber resilience 5
Insurance 2020 and beyond:Future of insuranceInsurance 2020 and beyond: Reaping the dividendsof cyber resilience is the latest viewpoint in PwC’sInsurance 2020 and beyond series, which exploresthe megatrends that are reshaping the competitiveenvironment for insurers, reinsurers, brokers and themarkets in which they operate.8Our clients are using Insurance 2020 and beyondto help them judge the implications of these trendsfor their particular organisations and determine thestrategies needed to respond. The central message isthat whatever organisations are doing in the shortterm – be this dealing with market instability orjust going about day-to-day business – they need tobe looking at how to keep pace with the sweepingSocial, Technological, Economic, Environmental andPolitical (STEEP) developments ahead.8 www.pwc.com/insurance/future-of-insurance andwww.pwc.com/projectblue6 PwC Insurance 2020 & beyond: Reaping the dividends of cyber resilience
1Cyber vulnerabilities:A risk like no otherThe challenges presented bycyber risk defy traditionalrisk evaluation, pricing andmanagement.The digital revolution has created a highly interconnected world that is awash withdata, much of it sensitive, and much of it vulnerable to fraud, theft and compromise.Add to that malware, denial of service and other malicious attacks, and cyber riskemerges as one of the biggest threats of our age.Cyber criminals are constantly probing for weaknesses and adapting their tactics.And while our image of the perpetrators often centres on activists or organisedgangs, they could just as easily be employees. The targets are also broadening. Aclear example came from the insurance sector itself when a company was hacked forthe tracking data they held on cargo shipments.All these factors make cyber crime a costly, hard to detect and difficult to combatthreat. From an insurance perspective, while analogies are often made with terrorismor catastrophe risks, cyber risk is, in many ways, a risk like no other.9 ‘Net Losses: Estimating the Global Cost ofCybercrime’, Centre for Strategic and InternationalStudies, June 2014. The report estimates thatthe annual losses are between a “conservativeestimate” of 375 billion and a “maximum” of 575 billion, giving a “likely” estimate of “morethan 400 billion”.Cyber crime costs the global economy more than 400 billion ayear9 and the costs will continue to growPwC Insurance 2020 & beyond: Reaping the dividends of cyber resilience 7
1% of insurance CEOs, 79% of banking CEOs (the highest of any sector)7and 61% of business leaders across all industries see cyber attacks as athreat to growth, ranking it higher than shifts in consumer behaviour, thespeed of technological change and supply chain disruption.101 Both frequent and severeAs Figure 1 indicates, cyber risks scorehighly on both impact and likelihood.Figure 1: Impact and likelihood of global risks5.5Spread of infectious diseasesIMPACT if the risk were to occur (score)Weapons ofmass destructionEnergy priceshockCritical informationinfrastructure breakdown5.04.5Cyber attacksAsset bubbleFood crisisFailure of financialmechanism or institutionDeflationFailure of criticalinfrastrctureInterstateconflictOur annual survey of security, IT andbusiness executives shows that therewere nearly 43 million global securityincidents detected in 2014.11 This is theequivalent of more than 100,000 attacksa day. The financial impact keeps rising(see Figure 2) and has, in some cases,run into tens of millions of dollars.Insurers could face a rapid succession ofsevere losses, making it harder to absorbthe impact or subsequently rebuildthe balance sheet in the same way asfollowing a catastrophe event.Unemployment orUnderemploymentState Failure of nationalProfound socialcollapse governanceinstabilityor crisisMisuse of technologiesUnmanageableinflationFailure of climatechange adaptationFiscal crisesTerroristattacksBiodiversity loss andecosystem collapseWater crisesLarge-scaleinvoluntarymigrationData fraudor theftExtreme nmentalcatastrophes4.0Failure ofurban planning3.53.54.04.55.05.56.0LIKELIHOOD to occur over the next 10 years chnologicalNote: Survey respondents were asked to assess the likelihood and impact of the individual risks on a scale of 1 to 7, 1 representinga risk that is not likely to happen or have impact, and 7 a risk very likely to occur and with massive and devastating impacts.Source: World Economic Forum ‘Global Risks, 10th Edition’, 2014Figure 2: Incidents are more costly for large organisationsAverage financial losses due to security incidents, 2013–2014n 2013 n 2014 0.65millionSmall 0.41millionRevenue less than 100 Million 1.0millionMedium 1.3 3.9millionmillionmillionRevenue 100 Million - 1 BillionLargeRevenue more than 1 BillionSource: ‘Managing cyber risks in an interconnected world: Key findings from the Global State of Information Security Survey 2015’, PwC118 PwC Insurance 2020 & beyond: Reaping the dividends of cyber resilience 5.9
2 Loss contagion is hard to containThe impact of business interruption andsystems remediation is compoundedby knock-on losses including fines,litigation and reputational damage.Figure 3 outlines the long andunpredictable fallout from a cyberbreach. All businesses operate withinan increasingly interconnected andinterdependent ecosystem, in which itis not just their own systems and datathat are vulnerable, but those of theirsuppliers, customers and strategicpartners. The Internet of Things hasheightened the connectivity andassociated vulnerability further still.12Businesses are also concerned about thethreat of attacks on the infrastructurethey rely on.3 Risks are difficult to detect,evaluate and priceThere is limited actuarial data on thefinancial impact of cyber attacks, whichmakes this a difficult risk to evaluateor price with any precision. Whileunderwriters can estimate the cost ofgetting IT systems back up and runningin the same way as if they were put outof action by fire or flood, there simplyisn’t enough data to estimate the furtherlosses resulting from brand impairmentor compensation payments to customers,suppliers and other stakeholders. Theuncertainty is compounded by the factthat cyber security breaches can remainundetected for several months, evenyears, which opens up the possibility ofaccumulated and compounded lossesdown the line.Even if your business offers nostandalone cyber coverage, it needsto gauge the exposures that existwithin your wider property, businessinterruption, general liability anderrors & omissions coverage. There maybe exclusions that limit the potentialfor claims (e.g. the need for physicaldamage to trigger business interruption),but this should be thoroughly checked.Figure 3: A cyber breach has a long and unpredictable tailDetermine extentNotification,of breach, volumecredit monitoring,and type ofcredit restorationinformation lostRecognisebreachReview legaland regulatoryactions necessaryin breach responsePotentialregulatory finesand penaltiesincurredVendor fines andpenalties incurredThird-partylitigation anddamagesSource: PwCInsurers are expected to leadWho will take ultimate responsibilityfor the management of this growing,uncertain and costly risk?Boards are coming to realise the need forsafeguards against the most damagingcyber attacks. Cyber insurance is onerisk transfer option. Yet, while manyinsurers have eagerly embraced therevenue growth opportunities openedup by cyber insurance products, othersbelieve that this is too big a risk for themto take on. There has also been sometalk about whether governments wouldbe prepared to step in as an insurer orreinsurer of last resort, as they have withterrorism and some hard to place floodcoverage. However, our own discussionswith a number of governments indicatethat their preferred solution would becommercial insurance, which wouldbe structured and governed by definedgovernment-set standards. Even wherethe cyber attacks are state-sponsored,there would be a reluctance to declarethis as an act of war and hence invokecertain exclusion clauses.Your business could choose not tounderwrite cyber risks explicitly, but ashighlighted earlier, the exposure mayalready be part of existing policies.As cyber coverage moves into themainstream, there could also be director implicit pressure from longstandingclients or brokers to offer it. Therefore,like it or not, cyber risk coverage wouldneed to form at least some part of yourbusiness plans.10 1322 CEOs interviewed for PwC’s 18th AnnualGlobal CEO Survey (www.pwc.com/ceosurvey)11 ‘Managing cyber risks in an interconnected world:Key findings from the Global State of InformationSecurity Survey 2015’, PwC rmationsecurity-survey)12 ‘Insurance 2020 and beyond: Necessity is themother of reinvention’, PwC, 2015 (www.pwc.com/insurance2020reinvention)PwC Insurance 2020 & beyond: Reaping the dividends of cyber resilience 9
2Cyber insurance market growth:The need for a more sustainablesolutionInsurers are relying on tightpolicy terms and conditionsand conservative pricingstrategies to limit their cyberrisk exposures. But howsustainable is this approachas clients come to questionthe value of their policiesand market bodies begin toexpress concerns about thelevel and concentration ofcyber risk exposures?13 Speech by John Nelson, Lloyd’s Chairman, at theAAMGA, 28 May 2015 es/2015/05/vision2025-and-aamga)’14 Fortune, 23 January 201515 Reuters, 23 March 201516 Aon Benfield Insurance Risk Study 201417 Willis Insights, March 2014There is no doubt that cyber insurance offers considerable opportunities for revenuegrowth.An estimated 2.5 billion in cyber insurance premium was written in 2014.13 Some90% of cyber insurance is purchased by US companies,14 underlining the size of theopportunities for further market expansion worldwide. In the UK, for example, only2% of companies have standalone cyber insurance.15 Even in the more penetratedUS market, only around a third of companies have some form of cyber coverage.16There is also a wide variation in take-up by industry, with only 5% of manufacturingcompanies in the US holding standalone cyber insurance, compared to around 50%in the healthcare, technology and retail sectors.17 As recognition of cyber threatsincreases, take-up of cyber insurance in under-penetrated industries and countriescontinues to grow, and companies face demands to disclose whether they have cybercoverage (examples include the US Securities and Exchange Commission’s disclosureguidance18). We estimate that the cyber insurance market could grow to 5 billion inannual premiums by 2018 and at least 7.5 billion by 2020.There is a strong appetite among underwriters for further expansion in cyberinsurance writings, reflecting what would appear to be favourable prices incomparison to other areas of a generally soft market – the cost of cyber insurancerelative to the limit purchased is typically three times the cost of cover for moreestablished general liability risks.19 Part of the reason for the high prices is the stilllimited number of insurers offering such coverage, though a much bigger reason isthe uncertainty around how much to put aside for potential losses.Many insurers are also setting limits below the levels sought by their clients (themaximum is 500 million, though most large companies have difficulty securingmore than 300 million20). Insurers may also impose restrictive exclusions andconditions. Some common conditions, such as state-of-the-art data encryption or100% updated security patch clauses, are difficult for any business to maintain.Given the high cost of coverage, the limits imposed, the tight attaching termsand conditions and the restrictions on whether policyholders can claim, manypolicyholders are questioning whether their cyber insurance policies are deliveringreal value. Such misgivings could hold back growth in the short-term. There is also apossibility that overly onerous terms and conditions could invite regulatory action orlitigation against insurers.18 uidance-topic2.htm19 ‘UK Cybersecurity: The role of insurancein managing and mitigating the risk’, UKGovernment, March 201520 Financial Times, 18 February 201510 PwC Insurance 2020 & beyond: Reaping the dividends of cyber resilience
Growing concernsEven with the limits, conditions andexclusions being used to curtail potentiallosses, many regulators and marketbodies are still concerned about theaccumulation and concentration of cyberexposures.The regulatory response has b
Cyber insurance market growth: 10 The need for a more sustainable solution Cyber sustainability: 12 Genuine protection at the right price Conclusion: 17 Sharpening differentiation and return Contacts 18. 4 PwC Insurance 2020 & beyond: Reaping the dividends of cyber resilience Cyber insurance is a potentially huge, but still largely untapped, opportunity for insurers and reinsurers. We estimate .
May 02, 2018 · D. Program Evaluation ͟The organization has provided a description of the framework for how each program will be evaluated. The framework should include all the elements below: ͟The evaluation methods are cost-effective for the organization ͟Quantitative and qualitative data is being collected (at Basics tier, data collection must have begun)
Silat is a combative art of self-defense and survival rooted from Matay archipelago. It was traced at thé early of Langkasuka Kingdom (2nd century CE) till thé reign of Melaka (Malaysia) Sultanate era (13th century). Silat has now evolved to become part of social culture and tradition with thé appearance of a fine physical and spiritual .
On an exceptional basis, Member States may request UNESCO to provide thé candidates with access to thé platform so they can complète thé form by themselves. Thèse requests must be addressed to esd rize unesco. or by 15 A ril 2021 UNESCO will provide thé nomineewith accessto thé platform via their émail address.
̶The leading indicator of employee engagement is based on the quality of the relationship between employee and supervisor Empower your managers! ̶Help them understand the impact on the organization ̶Share important changes, plan options, tasks, and deadlines ̶Provide key messages and talking points ̶Prepare them to answer employee questions
Dr. Sunita Bharatwal** Dr. Pawan Garga*** Abstract Customer satisfaction is derived from thè functionalities and values, a product or Service can provide. The current study aims to segregate thè dimensions of ordine Service quality and gather insights on its impact on web shopping. The trends of purchases have
Chính Văn.- Còn đức Thế tôn thì tuệ giác cực kỳ trong sạch 8: hiện hành bất nhị 9, đạt đến vô tướng 10, đứng vào chỗ đứng của các đức Thế tôn 11, thể hiện tính bình đẳng của các Ngài, đến chỗ không còn chướng ngại 12, giáo pháp không thể khuynh đảo, tâm thức không bị cản trở, cái được
Reaping a Multiple Reward by Jim Rohn For every disciplined effort, there are multiple rewards. That’s one of life’s great arrangements. In fact, it’s an extension of the Biblical law that says that if you sow well, you will reap well. Here’s a unique part of the Law of Sowing and Reaping. Not only does it suggest that we’ll all
Am I My Brother's Keeper? Grounding and Motivating an Ethos of Social Responsibility in a Free Society (Thisisadraftpriortopublication. Forpublishedversion,&see cal(Philosophy, Vol.&12,&No.&4,&December&2009,&559–580. Pleaseusepublished&versionforallcitations). David Thunder Matthew J. Ryan Center for the Study of Free Institutions and the .
