In the context of today's digital economy, the huge economic losses caused by frequent cybersecurity incidents have promoted the rapid development of cybersecurity insurance. In China alone, the premium scale of cyber security insurance in the past three years has reached 70 million yuan, 1.4 yuan and 300 million yuan respectively, although the market base and scale are small, but the growth trend is strong. Compared with other property insurance, cyber insurance has become one of the fastest-growing sectors in the global property insurance market, which shows the broad development prospects.
Although cyber security insurance has shown a good momentum of development on the demand side, we can find obvious shortcomings on the supply side, such as imperfect pricing, unreasonable design, and non-standard claims. It can be said that today's cyber insurance and related services cannot fully meet the current market demand, so what kind of cyber security insurance solutions can keep up with the increasingly complex cyber security risks? Let's take a closer look.
1
Favorable policies are intensively introduced,
Cyber insurance is on the fast track
As mentioned at the beginning of the article, the domestic cyber security insurance market has a large gap and limited product supply capacity, in fact, in the final analysis, there is still no unified and perfect pricing standards, evaluation system, and relevant laws and regulations, so it has fallen into an embarrassing situation of "applause but not popularity" for a long time. Therefore, in order to ensure that cyber security insurance can gradually embark on the "fast lane" and narrow the gap with the international market, the industry and regulators have issued a number of guidance documents to escort the development of cyber security insurance.
Source: Baoguan finishing
As early as 2019, the relevant regulatory authorities have proposed to explore the development of cybersecurity insurance services, but the promotion policy at that time was relatively macro, and more of a guiding and directional opinion. For example, in the "Opinions on Promoting the Healthy Development of Cyber Security Insurance Standards" issued in July 2023, it clearly pointed out product diversification, service standardization, data co-construction, security ecology, etc. Until recently, the official announcement of the "Catalogue of Typical Service Solutions for Cyber Security Insurance" has also brought unprecedented attention to cyber security insurance.
There is no doubt that the introduction of relevant policies and regulations has not only promoted the expansion of the cybersecurity insurance market, but also greatly promoted the implementation of cybersecurity insurance products and related services. We're also here to predict the general trend of future cyber insurance policies.
1. It is expected that more policies will be intensively introduced, with more focused directions and greater supporting discounts. Some industry insiders pointed out that in the second half of this year, the policy on cyber security insurance is very likely to be introduced again, and the supervision may further make clearer and more specific support and guidance in terms of development direction, supporting discounts, and landing applications.
2. Further encourage cybersecurity companies, insurance companies, risk management and other entities to actively participate in the innovation of cybersecurity insurance products and services. It is important to know that cyber security involves many fields, and at the same time, cyber security insurance, as an emerging type of insurance, is, to a certain extent, an organic combination of cyber security technology and insurance services, so it is far from enough to rely on insurance companies alone, and it also needs the participation of multiple entities to accelerate the innovation of products and services.
3. The types and targets of cyber security insurance pilots may be expanded again. At this stage, the types of cyber security insurance pilots in mainland China are mainly cyber security property insurance and cyber security liability insurance, and the pilot targets are mainly for enterprises in important industries such as the Internet and telecommunications. However, with the continuous deepening of policies and the continuous improvement of the needs of small and medium-sized enterprises, the types and objects of the pilot will undoubtedly be further expanded.
2
The catalogue of typical service plans for cyber security insurance was announced,
The three characteristics reflect the development trend
Recently, the Ministry of Industry and Information Technology announced the "Catalogue of Typical Service Plans for Cyber Security Insurance", which has attracted widespread attention in the industry and reflects the current development trend of cyber security insurance to a certain extent.
Specifically, a total of 49 programs were selected this time, including 36 enterprise programs and 13 product and service programs. It involved 13 insurance companies, 33 technology companies, 2 research institutes, and 1 university. At the same time, the content of the program covers many key industries and emerging fields such as finance, medical care, energy, Internet, telecommunications, and the Internet of Things.
On the whole, the 49 plans mainly involve three aspects: property damage and third-party liability, information technology services, and network security services. Taking network security services as an example, they include professional and technical personnel training, security risk assessment, security operation testing, etc., and at present, they are more extended services and additional services.
In the enterprise plan, taking the "Cyber Security Property Insurance Service Plan for the Telecom and Internet Industry" declared by Sunshine Property Insurance as an example, the plan has launched a comprehensive cyber security insurance protection of "security protection + insurance protection + risk control partner", which mainly focuses on business interruption, data asset reset, tripartite claims and other losses caused by potential DDOS attacks and phishing in the telecom and Internet industry, and supports a variety of services such as risk assessment, one-to-one customization, risk control monitoring services, post-risk liability, and judicial appraisal.
In the product and service scheme, taking the "Cyber Security Insurance Service Plan for Cyber Extortion Protection Scheme" declared by Topsec as an example, the scheme focuses on the "detection, intrusion, implantation, and extortion" attack chain of ransomware virus, and establishes a comprehensive, three-dimensional and multi-level protection system through the reinforcement of risk assets and the deployment of protection and recovery measures at key nodes in advance, continuous monitoring of network traffic and server systems during the event, and rapid response and disposal of ransomware attacks after the event. It is worth mentioning that in order to accurately determine responsibilities and reduce losses, the program will also provide manual investigation and technical assessment services before the insurance, and technical services during the insurance to help enterprises monitor network security risks in real time and provide emergency response services after the insurance to minimize losses.
Looking at the overall 49 solutions, we can also find that this batch of cyber security insurance solutions has several obvious common features, and at the same time, through these features, it can also reflect the development trend of cyber security insurance products and services in the future.
1. Focus on the development of inclusive cyber security insurance for small and micro enterprises. In fact, many small and medium-sized enterprises are clearly aware of the importance of cyber security risks, but for small and medium-sized enterprises, cyber security insurance is still a large cost burden. Therefore, in order to solve the cybersecurity needs of small and medium-sized enterprises in digital transformation, inclusive cyber security insurance has become one of the main directions of research and development of insurance institutions and cyber security companies. For example, NSFOCUS applied for the "Data Anti-Ransomware Insurance Service", which is an inclusive cyber security insurance service for small and medium-sized enterprises, which is characterized by inclusive economy, multi-party participation, and convenient burden reduction. For some small and micro enterprises, the annual premium expenditure is as low as a few thousand yuan.
2. One-stop cyber security insurance comprehensive solutions have become a trend. The one-stop service here usually refers to the all-round service of pre-event risk assessment, in-process monitoring and prevention, and post-event risk disposal, as well as a package of services such as pre-insurance, in-insurance, and post-insurance. For example, the case of Topsec declared by Topsec mentioned above is a typical example of a one-stop comprehensive cyber security insurance solution. The benefits of one-stop shopping are also multifaceted, in addition to helping customers build a solid protection system, it can also further strengthen the ability of risk transfer services.
Of course, one-stop cyber security insurance usually requires the joint participation of insurance companies, cyber security companies, third-party risk management technology institutions and other parties, insurance companies are responsible for compensation coverage, cybersecurity companies are responsible for technology development, and risk management institutions are responsible for data support.
3. In addition to providing traditional financial compensation, diversified supporting services have become standard. Continuously optimizing the supply of cyber security insurance services has been a key focus of regulatory attention in recent years. We can also find that among the successful schemes, 13 products and services are in the category. More than 10 extended services, such as monitoring and guarding, security hosting, cloud management, emergency response, risk identification, dynamic perception, and risk reduction, have been successfully applied, giving customers a better service experience.
3
What kind of cyber security insurance can meet the market demand?
There are five major requirements that need to be met
With the cost and frequency of cyber attacks rising dramatically, many people have begun to rethink, so what kind of cyber security insurance can really meet the market demand? Prior to this, Baoguan has also released some specific cases of overseas cyber security insurance products, and combined with the service process and operation ideas of foreign cyber security insurance products, we have summarized five key requirements for cyber security insurance that meets market demand.
1. Customized risk assessment: Know that the risk to an organization that suffers a data breach is not just costly business interruption and reputational damage, and third-party liability is likely to file a claim against the organization. As a result, insurers need to conduct regular risk assessments of their corporate customers to identify and fix system flaws that threaten data security.
2. Timely Incident Response Plan: An incident response plan generally refers to the measures taken to help customers control what has happened and limit damage when a potential incident is detected. As a result, insurers need to help corporate customers develop a clear incident response plan that allows them to respond quickly and effectively to cyberattacks and mitigate their impact.
3. Regular employee training: Insurers need to help their clients conduct regular cybersecurity training to ensure employees understand their role in protecting data and systems.
4. Cyber security technical support: To help customers deal with the risk of potential cyber attacks and data breaches, cyber security insurance solutions need the support of cyber security technologies, such as firewalls, intrusion detection systems, data encryption, multi-factor authentication, etc.
5. Diversified service provision: Provide professional, differentiated and innovative security services for customers in different industries and companies.
Finally, with the continuous favorable policies, the market size of cyber security insurance in the future may exceed our imagination. At the same time, in the face of continuous benefits, it is not only insurance companies that are gearing up, but more entities will actively participate in the market of cyber security insurance. So what kind of surprises can the promising cyber security insurance bring to the industry in the future, it is worth looking forward to!