Sep 10, 2018

Go deeper: Why investors care about cybersecurity insurance

Illustration: Sarah Grillo/Axios

Cybersecurity insurance is getting a lot of attention from investors right now as more and more companies try to manage their increasing risks.

The trend: There will “absolutely” be consolidation in the cybersecurity insurance market, in particular for firms that assess the risk of companies seeking insurance, Ken Gonzalez, a managing director at investment firm NightDragon Security, tells Axios. And mergers and acquisitions could mean big pay-days for investors.

The likely acquirers will include traditional vulnerability management vendors, security services vendors, fintech companies, and insurance companies, Gonzalez, a partner at Momentum Cyber, a cybersecurity advisory firm, said.

By the numbers: Global premiums are expected to surpass $20 billion by 2025, according to Allianz. In the second quarter of 2018, U.S. cyber-insurance prices jumped by 2.1%, in part due to an increase in claims and coverage, per Marsh’s quarterly Global Insurance Market Index. But pricing was tempered last quarter due to competition among insurers.

  • 76% of U.S. executives today have some form of cybersecurity insurance, per Ovum and FICO. A year ago, 50% had none.
  • Five years ago, cybersecurity risk was ranked the 15th most important business risk, according to the Allianz Risk Barometer, based on a survey of global insurers and brokers. Now it is seen as the second most important.

Driving the market: “There have been very few major payouts against cyber-insurance policies, so for now, the cyber-insurance business looks pretty profitable relative to other areas of insurance," per Gonzalez.

  • For example, just this summer a bank in Virginia sued its insurance provider for not fully covering two cyber intrusions, per KrebsOnSecurity.
  • Yes, but: Gonzalez points out that a systemic cyberattack could instantly change how lucrative the market is.

The context: Cyber coverage has been around since the late 1990s and used to be bundled in some traditional insurance offerings, like liability, property, and crime insurance. But because cyberthreats are so complex, it became necessary to pull it out as standalone coverage.

What to watch: Cyber-insurance purchases spike in the aftermath of a prominent and expensive incident, per Marsh's index. The growth of cyber-insurance purchases is fastest for small-to-medium enterprises, per Trend Micro, a cybersecurity company.

  • A more structured regulatory environment could boost companies’ interest in obtaining cybersecurity insurance. All 50 states now have data breach notification laws. Europe’s new General Data Protection Regulation threatens massive fines for failure to keep data safe.

The other side: Skeptics say cybersecurity insurance might not go very far because almost no insurance policy is able to remedy the long term business consequences of reputation damage — which accounted for almost 89% of losses in one cyber incident in a Deloitte modeling.

The big picture: "There’s always going to be some tail of risk that a company will want to insure against.  You can’t buy enough security technology and services to prevent every attack. There’s unknown risk that you can’t even qualify," Gonzalez says.

Go deeper: The rise of cybersecurity insurance

Editor's note: This story has been updated to clarify the spike in purchase prices.

Go deeper

Federal court temporarily halts "Remain in Mexico" program

Migrant wearing a cap with U.S. flagin front of the border between Guatemala and Mexico. Photo: Jair Cabrera Torres/picture alliance via Getty Image

The 9th Circuit Court of Appeals upheld a lower court's earlier injunction on Friday, temporarily stopping the Trump administration from enforcing the Migrant Protection Protocols (MPP) — known as the "Remain in Mexico" policy.

Why it matters: Tens of thousands of migrants seeking asylum have been forced to wait out their U.S. immigration court cases across the border in Mexico under the policy. The Trump administration has long credited this program for the decline in border crossings following record highs last summer.

Go deeperArrowUpdated 2 hours ago - Politics & Policy

Coronavirus updates: WHO raises global threat level to "very high"

Data: The Center for Systems Science and Engineering at Johns Hopkins, the CDC, and China's Health Ministry. Note: China numbers are for the mainland only and U.S. numbers include repatriated citizens.

The World Health Organization raised its global risk assessment for the novel coronavirus to "very high" Friday, its highest risk level as countries struggle to contain it. Meanwhile, National Economic Council director Larry Kudlow this morning tried to reassure the markets, which continued to correct amid growing fears of a U.S. recession.

The big picture: COVID-19 has killed more than 2,860 people and infected about 83,800 others in almost 60 countries and territories outside the epicenter in mainland China. The number of new cases reported outside China now exceed those inside the country.

Go deeperArrowUpdated 3 hours ago - Health

Bernie's plan to hike taxes on some startup employees

Illustration: Sarah Grillo/Axios

Sens. Bernie Sanders (D-VT) and Chris Van Hollen (D-MD) introduced legislation that would tax nonqualified stock options at vesting, rather than at exercise, for employees making at least $130,000 per year.

The big picture: Select employees at private companies would be taxed on monies that they hadn't yet banked.