The Insurance Business in Transition to the Physical-Cyber Market: Communication, Coordination and Harmonization of Cyber Risk Coverages

Abstract

This investigative study examines the business of insurance from a loss exposure and coverage development perspective and compares its findings with current market practices dealing with cyber risk(s). It discusses the importance of government regulation of data and privacy protection for the public, in general, and insurance buyers, in particular. Evidence shows incomplete communication among information technology professionals, risk managers and insurance underwriters. Their efforts are inadequately coordinated, and each industry seems to have its own set of risk management guidelines. Evidence shows that insurance policies – including risk classification and policy wording – are not standardized, likely resulting in coverage gaps and a litigious claims environment. More importantly, the insurance market treats all insurable loss exposures and the parties exposed to them in cyberspace using a single policy approach – an approach for a world of risk in which human activities, artificial intelligence and machine-learning become complicated and are increasingly interconnected. This multiplicity-in-cause, multiplicity-in-outcome nature of the risks in the cyber world, of which coverages every individual and business will need, requires the insurance industry to evaluate whether this single policy approach is appropriate, and separately to agree on meaningful standardization of coverages. Finally, this study proposes that, as the cyber world adds more risks on top of cybersecurity-related loss exposures, the business of insurance is in transition to operations in the physical-cyber market.