In the early hours of April 30, the Town of Wasaga Beach, Ont. was hit by a ransomware attack that locked all the files on the town’s network, including back-up servers located off site.
While the town was still able to deliver services to its residents, the hackers had demanded it pay a ransom. In the end, the town decided to pay the ransom in order to resolve the situation and regain access to the data.
That incident, and another hack on the Town of Midland a few months later, prompted local representatives in Prince Township – located on the outskirts of Sault Ste. Marie, Ont. – to consider purchasing cyber insurance as a means of protection in the event that the town fell victim to hackers.
As more organizations look to protect themselves from breaches, the cyber insurance market has substantial potential for growth, according to a recent report by RBC Capital Markets. The authors of the report estimate that the size of the industry could reach between $8 billion and $9 billion by 2020.
According to the report, released October 31, demand for cyber insurance is expected to increase significantly over the coming years due to a variety of factors, including the increasing awareness about risks associated with cyber security, regulatory changes such as those seen in Europe, and an increase in the frequency and severity of attacks in recent years.
“The insurance sector has an opportunity to benefit from a class of business that is growing – cyber,” the report said.
“The world is becoming more and more connected and individuals increasingly rely on electronic devices to do business. The risk of systems being compromised, and the reliance on these systems has never been higher.”
What is cyber insurance?
Cyber insurance, a relatively new product, covers losses or damage of data, IT systems and networks as a result of a cyber breach. It typically covers privacy and data breaches, business interruptions, hacking damage and extortion, the report says.
RBC estimates that the cyber insurance market in the U.S., which is the main driver of cyber insurance premiums, could already be worth as much as $5 billion. So far, the market is dominate by U.S.-based insurers such as Chubb Ltd., AIG Inc., XL Catlin Inc., The Travelers Companies Inc. and Beazley Ltd.
Still, the report says the cyber insurance market can be opened up further if companies expand their coverage options. According to a survey conducted by the Ponemon Institute, a privacy research firm, 31 per cent of companies cited inadequate coverage as a reason for not purchasing cyber insurance. (The top reason was that premiums were too expensive.)
“Cyber insurance is an important tool for risk management, in our view,” the report said. “The increasing amount of regulation with this space including fines, notification and the public relations issues following a data breach means that organizations may need help to remedy the situation and recoup the costs they suffered.”
But the potentially burgeoning industry will certainly face some challenges going forward. The report cites a lack of understanding about the risks associated with cyber crimes, which makes it difficult to price products, as well as the potential of systemic losses “resulting in potentially more dangerous catastrophic losses than natural disasters.”
In the meantime, Prince Township is still undecided as to whether the town should purchase a cyber insurance plan from Algoma Insurance Brokers. The plan would cost $1,300 annually, according to a report from the Sault Star.
“We don’t know if we’re going to get it at this point, because it is expensive,” said Mayor Ken Lamming.
“If you buy insurance, what kind of protection does it give for people that may be hacked? … We want to know who else has it and is it really necessary? There’s still lots of question to be asked.”