The present capacity for cyber insurance is insufficient, according to the CEO of AIG.
Speaking at an event at New York University on Thursday (April 2), American International Group Inc. CEO Peter D. Hancock shared his belief that the amount of coverage presently provided by cyber insurance is unfavorable in comparison to other types of insurance, reports The Wall Street Journal.
“The largest coverage I’m aware of is for a bank that has about $400 million in coverage which is very small when you think about it,” said Hancock at the event. “When you compare it to the amount of capacity that’s available for a complex chemical plant, refinery, offshore oil platform, the numbers are much, much higher.”
Supporting Hancock’s point of view, the WSJ points to the massive data breach that Target suffered in 2013: it cost the company $252 million in expenses, only $90 million of which was covered by its cyber insurance plan — leaving Target on the hook for $162 million.
In an email to The Wall Street Journal, Robert Parisi, cyber product leader for Marsh (the insurance brokerage and risk advisory unit of Marsh & McLennan Companies), explained that while the largest amount of cyber insurance currently available technically exceeds $500 million, it is much more common for the largest policies to be written for only about $100 million to $200 million.
According to Marsh’s U.S. Insurance Market Report for 2015, says the WSJ, cyber insurance is one of the fastest-growing sectors in the insurance market. This fact intones the likelihood that the amount of coverage that cyber insurance provides will increase over time.
Hancock seemed to support this prediction in his remarks, saying, “I suspect, over time, the willingness of insurers and by others in the industry to provide greater capacity will increase with greater comfort in the maturity of the countermeasures.”