Asia at risk with cyber insurance scarcity

The region's cyber insurance take-up rate is negligible at only less than 6%.

From the stolen personal data of 850 personnel from Singapore’s defense ministry online database portal in 2017 to the 6.4m children’s data stolen from a Hong Kong toy firm in 2015, the number of attacks in the region have been alarmingly growing in number and scope. However, Asia-Pacific’s cyber insurance take-up rate still remains negligible compared to other regions across the globe, with the cyber insurance market heavily skewed to the US at 90% of the total share, Europe at 4%, whilst the rest of the world including Asia is only at 6%.

“Asia-Pacific is a perfect cyberstorm”, Marsh and McLennan analysts noted, with the global growth in internet users, greater connectivity amongst 4G mobile devices, and higher mobile network traffic all driven by Asia-Pacific by 69%, 49%, and 47%, respectively. Amidst all this, it has also become the playground of hackers due to the lack of security measures to come with the growth in digitalisation.

Weak points
The region has yet to enforce several regulations such as disclosure regulation, the lack of which creates the perception that cyber attacks in the region are relatively lower than those in Europe or US. Insurers have seen this as a point of entry to offer risk management solutions for companies that find cybersecurity a tall order to do on their own.

In Singapore, the demand for cyber insurance has increased as companies rush to insure their businesses against data breaches. A PwC survey revealed that Singaporeans also lack the ability to identify the culprits behind cyber attacks, a weak point in risk quantification.

PwC also reported that in Singapore, more than six in 10 organisations have cyber insurance, 37% and 35% of which have made a claim and collected it, respectively. One of them is insurer AIG which came up with its own product called CyberEdge, offering protection against sensitive data breaches (personal and corporate data), computer hacking, dumpster diving, computer viruses, and employee sabotage or error, amongst others.