Despite a higher perception of risk, only 10% of cyber insurance requests end up in contracts
Cyberattacks are becoming more common every day. Just last year, in Chile, US$12 million was stolen in two rowdy attacks on the banking sector. (Banco de Chile: US$11 million and Banco Consorcio: US$2 million). However, Chilean companies are not protecting themselves sufficiently, not only in prevention, but also in damage control. Proof of this is that only 10% of insurance requests related to cybercrime end up in contracts, according to data from FR Group insurance brokers.
Retail, communications and financial institutions lead the requirements. According to the financial risk manager of the brokerage, Enrique Vera, cybersecurity is an issue that is evolving: ‘In Chile, medium and large companies, including some well-known corporations, do not have the sufficient cybersecurity measures to face this exposure that threatens the continuity of their businesses,’ he warns. The executive explains that despite the fact that many companies recognize vulnerability, today the levels of investment in this matter are very low compared to their peers in other countries.
Same vision delivered by Leonardo González, manager of Liabilities & Specialty Lines of Southbridge, who points out that at present ‘there is a lack of knowledge on the part of the companies of the risks to which they are exposed’.
X-ray to sector
In the Chilean market, there are two types of policies related to cybersecurity. One is the Cyber policy that seeks to support the contracting company against third-party claims resulting from the leaking of personal and corporate data.
On the other hand, the Cybersecurity or Crime policy seeks to protect the money of the contracting company against a cyber attack that has the purpose of stealing said funds. The FR Group executive remarks that “today the focus has been on the Cyber policy, but once the client understands it, he seeks to evaluate the contracting of both.” </ P>
From Southbridge, meanwhile, they explain that the premiums associated with this type of product depend on several factors. These are the protection limits that are contracted, the security levels of each company, exposure levels associated with the activities of these same companies, and if they have suffered previous events, among others. ‘Therefore, the premiums may vary according to each item or company. In Chile, the level of premiums traded at the market level is of the order of US$ 20 million a year,’ says González.
‘The market for cyber risk protection policies is quite small. Southbridge estimates that around 50 companies have contracted protections of this type in Chile,’ he adds. In the case of coverage for cybercrime, “the number of firms that contract this type of protection could rise to 90,” points out the Southbridge executive.
Main requirements
From FR Group they explain that the subscription process to these policies involves the evaluation of the operational security and cybersecurity measures existing in the company, through a questionnaire that is based on standards international. This implies that companies have a firewall, antivirus and encryption of data at rest and in transit.
Vera emphasizes that although it may seem incredible, many companies do not have an antivirus or firewall, a factor that becomes the main stumbling block for contracting insurance. “The insurance company evaluates this information and rates or reports that the measures are insufficient, which is more common than one would think, because today it is one of the main reasons for withdrawal,” she adds. </ P>
Source: Diario Financiero
