Insurance

Only 10pc of Asian firms are insured against cyberattacks

Most firms cite cost and complicated policies as reasons for shunning cyber liability cover. But insurers say rising incidence of cybercrime may change that

PUBLISHED : Monday, 24 July, 2017, 7:48am
UPDATED : Monday, 24 July, 2017, 7:48am

Only one in 10 companies in Hong Kong and three other Asian markets have insurance cover on losses resulting from cyberattacks as they consider coverage policies to be complicated and expensive, according to a survey by Australian insurer QBE.

“This trend is likely to change in the coming years after many high-profile hacking attacks on computers that have led to many companies suffering losses,” said Marcelo Teixeira, global head of bancassurance for QBE Insurance Group in an interview with the South China Morning Post.

The survey of 1,200 executives in the four markets – Hong Kong, Malaysia, Singapore and Indonesia – between March and May this year showed that 95 per cent of respondents have purchased general insurance products, but mostly for traditional risks such as damages on property or fire insurance.

While 50 per cent have bought some form of liability insurance, a smaller group of only 10 per cent have purchased liability insurance covering risks related to losses from business interruption or loss of customers data related to cyberattacks.

Most Hong Kong firms still unprepared for cyber attacks, finds survey

But recent attacks such as the WannaCry ransomware, which affected hundreds of thousands of computers in more than 150 countries in May, followed by the highly destructive Petya variant that struck last month were causes for rethink.

Eric Hui Kam-kwai, chief executive of Zurich Insurance (Hong Kong), said his company would expand its cyberinsurance cover for small- and medium-sized enterprises (SMEs) this week.

The insurer has been covering cyberattacks for large companies in the past three years.

Global ransomware attack hits third Hong Kong system

“We believe there is a strong demand from SMEs for cyberinsurance policies as they are also suffering losses incurred from cyberattacks – for interruption of business, or loss of client information,” Hui said.

As many SMEs viewed cyberinsurance to be too complicated, he said they would simplify the products and offer them at a lower cost that tailor to SMEs’ needs.

We believe there is a strong demand from SMEs for cyberinsurance policies as they are also suffering losses incurred from cyberattacks...
Eric Hui, Zurich Insurance (Hong Kong)

The QBE survey also found that most respondents said they did not purchase cyberinsurance as they thought they could not afford it, or found the products to be too complicated to understand.

Teixeria said Singapore was considering to introduce laws that require all companies to buy cyberinsurance.

“I would hope that the business sector would voluntarily purchase the liability insurance products to cover cyberattacks, instead of [it becoming a] mandatory requirement by the government,” Teixeria said.

“The industry would need to simplify the products to make it easier for the customers to understand about cyber and other liability insurance.”

Teixeira said many companies would purchase liability insurance after they had suffered losses.

This could explain why fewer companies have purchased cyberinsurance. Only 13 per cent of Hong Kong companies have suffered cyberattack losses, compared with 24 per cent of Singapore companies, according to the survey.

“Companies however, should be more proactive in getting the insurance cover to prepare for any losses ”, amid the rising trend of cybercrime, Teixeira said.

He cited a Lloyd’s study which projected that global losses from cybercrime would increase by more than six times to US$3 trillion by 2020, compared with US$450 billion in 2016.

Companies however, should be more proactive in getting the insurance cover to prepare for any losses
Marcelo Teixeira, QBE

In Hong Kong, the Securities and Futures Commission in April proposed a range of measures for the city’s 500 stockbrokers to step up their cybersecurity, after 27 hacking attacks struck 12 licensed financial firms in the 18 months to the end of March, which resulted in investor losses totalling HK$110 million (US$14.2 million).

“Hacking of internet trading accounts is the most serious cybersecurity risk faced by internet brokers in Hong Kong,” said Ashley Alder, chief executive of the SFC.

Cybersecurity platform to expand to Hong Kong’s brokers and insurers

Among the four markets surveyed by QBE, Malaysian companies were least covered, with only 45 per cent of firms with liability insurance. Forty-seven per cent of Hong Kong firms have liability insurance, while 54 per cent of both Indonesian and Singaporean firms have some form of liability insurance.

In addition, 17 per cent of companies in the markets have purchased professional liability protection, and 15 per cent of companies have purchased directors and officers’ liability to cover the risks of having to compensate to investors or regulators when the executives fail in their duties.

business-article-page