Preface: Gartner doesn’t cover cyber insurance, and I’m not really supposed to talk about it, because we don’t give financial or legal advice. This article offers no opinion on cyber insuranceit’s about what we can know about cyber risk based on how cyber insurers perceive their own financial risk.
Take the following (almost) real numbers I’ve seen recently on a cyber risk policy:
- Coinsurance: 50%
Calculating that the client was asked to pay a million dollars, there was essentially only five and a half million in profit. (The 50% coinsurance actually reduces the limit from 15 million to 7.5 million in profit, less deductible and premium). This makes the price of risk in my simple calculations (premium over profit) to about 15.5% profit.
Now compare that to car insurance (again with actual (rather) numbers from a major US insurer). For this I subtracted everything except collision and comprehensive insurance on the asset itself. These numbers look like
- Coinsurance: 0%
Pricing of this risk
What about liability and anything else I got from the auto policy?If I add them, it makes the differences much clearer.
Which means that this particular cyber-insurer rated its cyber risk at more than 10 times that of the risk of automobile loss. Adding responsibility, this factor is greater than 20x!
How about something really exotic, I ride Italian motorcycles. It must be very expensive from an insurance point of view, right? (Again, removing liability),
Are you TEN TIMES more likely to suffer a loss from cyber than to have a car accident? Even if you don’t know how insurance companies rate their risk, just understanding the differences in premiums and benefits between products can tell us a lot about the real risks.
Since driving a car is the most dangerous ordinary activity that many of us will ever do, it is hard to believe that cyber risk is this much bigger! What you conclude is that it seems like these companies factored a huge amount of unpredictability into their risk – our advice probably should too.