Cyber ??risks: a market in the making

What is a cyber attack?

A cyber attack occurs when the IT infrastructure (computer, server, communicating devices or peripherals) of a private citizen, a government body or a company is compromised by a malicious external user.

The French government has identified four major types of cyber risks:

• Cyber crime: acquisition, exploitation and resale of private data. Examples include “phishing” and “ransomware”.
• Harm to image: modification of a website’s appearance, reuse of its content, exploitation of a software vulnerability. Attacks can be carried out by “distributed denial of service” (DDOS) or by “defacement”.
• Espionage: infiltration and theft of data, identity theft, contamination. Examples include “watering hole” and “spearphishing” attacks.
• Sabotage: partial or total destruction of an IT system.

Cyber insurance: a growth market with opportunities for small office/home office organisations, SMEs and intermediate-sized enterprises

In 2016, subscriptions to cyber-risk policies were virtually non-existent in France, but large companies are now taking out such policies at a growing rate. Today, the coverage ratio for companies listed on the CAC 40 French stock market index is approaching 70%, and the global penetration rate in this segment is rising.

For SMEs, the market is much less mature, with the coverage ratio decreasing in proportion to the size of the company. Consequently, only 5% of small office/home office organisations, SMEs and intermediate-sized enterprises are thought to be covered by cyber insurance. The reasons: their lower exposure/sensitivity to digital risks and the initially prohibitive financial cost of cyber-insurance policies for small operators.

However, as it represents a huge market in terms of both volume and value, this is the fastest-growing segment today. Cyber-insurance solutions with specially adapted pricing and levels of cover are now starting to be marketed with a view to attracting the interest of professionals and offering them accessible coverage.

Health professionals are becoming increasingly aware of privacy issues relating to the protection of their patients’ health data. For this reason, “Cyber risk” coverage was added to the Comprehensive Professional solution in 2017.

CAA is targeting the Professional cyber-risk market

The Crédit Agricole Group is taking an active interest in this new market. As a bank insurer benefiting from a high penetration rate among small office/home office organisations and SMEs in France, our positioning in the cyber coverage segment enables us to address our clients’ growing concerns while providing greater security for their banking commitments by reducing the risk of business disruptions.

Pacifica markets a comprehensive offering for small office/home office organisations and SMEs. Its “Cyber Protection” policy enables professionals to obtain crisis management assistance (24 hours a day, 7 days a week), provides personal liability cover in the event of third-party losses, compensation for losses suffered by the company and coverage of operating losses in the event of an interruption to business following a cyber attack (optional).

Towards international development

Cyber insurance has become a key development focus in an increasingly competitive market. At the international level, the French market is valued at approximately €50 M[2] on a European market that collects a total of €300 M in annual premiums. The American market accounts for a very large proportion of this market with €4 billion in premiums[3] and nearly a quarter of the companies covered.

[1] First barometer survey of emerging risks for insurance – FFA – February 2018
[1] Argus de l’Assurance, 7 February 2018
[2] News-Assurances Pro, 2 February 2018, “Grands risques : 2018, l’année de la cyber assurance ?” (“Major Risks - Is 2018 the Year of Cyber Insurance?”)