Despite a higher perception of risk, only 10% of cyber insurance requests end in contracts
Cyber attacks are becoming more common every day. Last year alone, in Chile, $ 12 million was stolen in two boisterous attacks on the banking sector. (Banco de Chile: US $ 11 million and Banco Consorcio: US $ 2 million). However, Chilean companies would not be protecting themselves sufficiently, not only in prevention, but also in damage control. Proof of this is that only 10% of cybercrime-related insurance applications end in contracts, according to data from the FR Group insurance brokers.
Retail, communications and financial institutions lead the requirements. According to the financial risk manager of the brokerage, Enrique Vera , cybersecurity is an evolving topic: ‘In Chile, medium and large companies, including some well-known corporations, do not have the Sufficient cybersecurity measures to deal with this exposure that threatens the continuity of their business’, he warns. The executive explains that despite the fact that many companies recognize vulnerability, today investment levels in this area are very low compared to their peers in other countries.
Same vision delivery, Leonardo González, manager of liabilities & amp; Specialty Lines of Southbridge, who currently points out “there is ignorance on the part of the companies of the risks to which they are exposed”.
X-ray to the sector
In the Chilean market, there are two types of policies related to cybersecurity. One is the Cyber policy that seeks to support the contracting company against third-party claims resulting from the leakage of personal and corporate data.
On the other hand, the Cybersecurity or Crime policy seeks to protect the monies of the contracting company against a cyber attack that has the purpose of subtracting said funds. The executive FR Group remarks that ‘today the focus has been on the Cyber policy, but once the client understands it, he seeks to evaluate the hiring of both.’
From Southbridge, meanwhile, they explain that the premiums associated with this type of product depend on several factors. These are the protection limits that are contracted, the security levels of each company, levels of exposure associated with the activities of these same companies, and if they have suffered previous events, among others. ‘Therefore, the premiums may vary according to each item or company. In Chile, the level of premiums traded at the market level is of the order of US $ 20 million a year, ’says González.
‘The market for cyber risk protection policies is quite small. Southbridge estimates that around 50 companies have contracted protections of this type in Chile, ’he adds. In the case of coverage for cybercrime, ‘the number of firms hiring this type of protection could rise to 90’, the Southbridge executive points out.
Main requirements
From FR Group explain that the process of subscribing to these policies goes through the evaluation of the existing operational and cybersecurity measures in the company, through a questionnaire that is based on international standards. This implies that companies have a firewall, antivirus and encryption of data at rest and in transit.
Vera stresses that although it may seem incredible, many companies do not have an antivirus or firewall, a factor that becomes the main capstone for insurance contracting. ‘The insurance company evaluates this information and rates or reports that the measures are insufficient, which is more common than one would think, because today it is one of the main reasons for withdrawal,’ he adds.
Source: Diario Financiero
