When an insurance company sells protection against a house fire or car accident, it leans on decades of data from past experience to price policies. For every 1,000 houses you insure you have a rough idea how many will burn.
That basic yet key ingredient is all but missing in the growing business of cyber insurance, in which business is booming as the list of hacking incidents from Target to Ashley Madison grows. Add to the mix the ever-changing nature of hacks and different levels of security sophistication among companies, and the challenges mount alongside the opportunities.
“There are many unknowns,” said Nick Galletto, cyber risk services leader for the Americas at Deloitte.
Hacks such as the one that hit adultery website Ashley Madison can give an idea of the cost of the fallout of such an event. But that doesn’t come close to providing the depth of data insurers use to create and measure the underwriting standards when they sell protection against house fires, break-ins and car accidents.
Paul Schiavone, regional head of financial lines in North America at the corporate and specialty division of Allianz Group, said the global insurer is writing cyber insurance policies and is excited about the new line of business.
But he acknowledges the relative lack of data makes it difficult to know if the policies are properly calibrated to the risk when it comes to cyber insurance. “It’s difficult for the insurance industry to even price it,” Schiavone said in an interview.
Still, despite the unknowns, companies including his are anxious to be in the game.
“It’s exciting — that doesn’t happen often in insurance,” Schiavone said.