Hardly any damage, but cyber protection is becoming more expensive

March 16, 2021 – Ergo and Munich Re are arming themselves against surprises from computer criminals – and drawing a lesson from the Covid-19 pandemic. There was a wide range of need for action at a specialist conference. Meanwhile, customers are complaining about the price trend for cyber policies.

The capacities for cyber insurance protection have become scarce – and prices are rising. 70 percent of the companies reported increases in premiums, and 20 to 30 percent reported deterioration in coverage.

Volker Ahrens (Screenshot: Lier)

That said Volker Ahrens on Monday at a virtual event of the General Association of the Insurance-Taking Industry eV (GVNW) on the result of a not yet published survey by the association.

According to Ahrens, who has been responsible for global insurance risk management at SAP SE leads, 90 percent of GVNW members say they have a loss rate of less than 50 percent.

He criticized that the insurers had started this segment years ago “naive”. Now the gold rush mood has given way.

Clear conditions instead of surprises

Dr. Christian Gründl, board member of Ergo Insurance AG, compared the development of cyber risk with the current pandemic. With regard to risk awareness, extent of damage and speed of spread, he sees parallels between Covid-19 and possible IT accumulations – for example the computer worm “Loveletter” 2000 (VersicherungsJournal 30.8.2001).

In his opinion, the industry should learn a lesson from the business closure insurance debacle for coverage against computer crime. “There is a lot that needs to be done about the sums insured and the clarity of the terms and conditions so that everyone is safe from surprises,” he said.

“The danger is real that we will argue after massive attacks, like with the BVS,” said Gründl. You need a “crystal clear” view of the contents of the cover – for example, when it comes to the question of which physical damage is insured by malware.

Risks from silent cyber should be excluded. In his opinion, however, the market has overreacted with the recent exclusions. The best protection for companies and the industry is predictability.

Customers should become more professional

Christian Gründl (Image: Ergo)

He was also critical of his own damage processes. There is still room for improvement: “Many providers promise 24/7 service in the event of a claim. But are these really scaled that far when 1,000 coverages are triggered and we then have to regulate? “

You have to prepare the emergency measures at the companies together with the insured. Small and medium-sized companies (SMEs) in particular do not have enough professionalism here.

Gründl sees the limits of the insurability of this risk only with a higher market penetration of the protection. A “must have” for protection is prevention anyway.

Randsomeware is also still insurable despite the strong increase “as of today”. “It’s not yet toxic. But it can be if the attackers are controlled by the state. Then there must be an exclusion analogous to war and terror. “

Interest from investors

With the parent company Munich Reinsurance Company AG in Munich (Munich Re) is working on a “sales support platform” for cyber, which, among other things, aims to raise awareness of risks among all parties involved (November 3rd, 2020). They have also started to revise the conditions: Risks from the home office have been included, Silent Cyber ​​excluded.

For Bengt von Toll, Head of Cyber ​​Europe and Latin America at Munich Re, there are no strategic shortages in the market, only those for reasons of profitability. The German market started relatively late and with good results at the beginning, so the price level was comparatively low.

The good claims development no longer applies to all participants, segments and regions – the market is reacting to this. But he continues to expect growth.

Attacks should become less attractive

Since insurance capacities will reach their limits, it is good that the capital markets are showing interest. The reinsurer assumes that it has identified the essential accumulations and systemic risks with good models.

“We have clearly defined our risk appetite,” said von Toll. He is critical of the fact that protective measures are still underestimated by users. “We should raise the hurdles financially and technically for the hackers so that attacks become less attractive. You can then buy insurance cover for the residual risk that remains. “

– .