The document provides an overview of the global cyber insurance market, including:
- The cyber insurance market is still in its infancy globally but has grown significantly in recent years, especially in the US where it is estimated to be worth $1.5 billion in 2015.
- The largest market is the US, driven by data breach legislation, high-profile cyber attacks increasing awareness, and demand from companies storing personal data.
- The upcoming European GDPR regulation coming into effect in 2018 is expected to be a major driver for the growing but still relatively nascent European cyber insurance market.
- Various industries like retail, healthcare, and financial institutions are among the largest buyers of cyber insurance.
As per the Credit Suisse Global Wealth Report 2020, global wealth stood at US$ 399 trillion as of the end of 2019. Most of the global wealth is primarily controlled by older men in North America and Europe.
As per BCG, the Asset Under Management (AuM) for the global asset management industry stood at US$88.7 trillion as of the end of 2019.
The pandemic found the wealth management industry dealing with margin pressure amid the popularity of passive products, on the verge of a great wealth transfer from the Baby Boomers to the younger generations, a rising share of women’s wealth, and increasing regulatory pressure. Revenue from beta is quickly diminishing due to the popularity of passive products. The focus is shifting from margin to increasing AUM.
As per Credit Suisse Global Wealth Report 2020, global wealth decreased by US$ 17 trillion between January and March of 2020. Recovery in the capital markets Q2 onwards led to the recovery of household wealth in Q2 to the levels of the end of 2019. Though the loss of growth represents a more than US$7 trillion loss from expected wealth levels by the end of the first half of 2020. Lower economic activity, lower consumption, and lower investments by both households and corporates likely to restrain household wealth growth for many coming years. The growth rate may not recover to pre-pandemic levels before the end of 2021. Global wealth per adult decreased by 0.4% in the first half of 2020. China is the biggest gainer and Latin America along with Africa are the greatest losers.
Though low-interest-rate environment, making time deposits less attractive, likely to boost funds flows to capital markets and demand for wealth management services.
At the same time, social distancing is forcing digital adoption in wealth management. Apart from that, the great wealth transfer will mean that the wealth management sector needs a paradigm shift in their client engagements. The expectations of tech-savvy millennials are very much different from the older generations. Instant gratification, higher involvement in the process, and constant monitoring are some of the features Millennials expect.
Micro-Investment platforms and Online Brokers are expected to be immensely beneficial as tech-savvy Millennials control more and more wealth. Self-service platforms that specialize in passive products (MF, ETF) are especially lucrative.
Hybrid services that combine human touch with tech efficiency will likely to become mainstream as wealth management firms push for cost-cutting and younger generations control more and more wealth.
As many traditional wealth management firms will look to increase their digital capabilities, WealthTech firms with proven business models are expected to be seen as attractive acquisition targets.
The FBI is the lead federal agency for investigating malicious cyber activity by criminals, nation-state adversaries, and terrorists. To fulfill this mission, the FBI often develops resources to enhance operations and collaboration. One such resource is the FBI’s Internet Crime Complaint Center (IC3) which provides the public with a trustworthy and convenient mechanism for reporting information concerning suspected Internet-facilitated criminal activity. At the end of every year, the IC3 collates information collected into an annual report.
Credit is due to all original authors and no financial gain was made from the blog, Simply sharing an interesting story for educational purposes,
As per the Credit Suisse Global Wealth Report 2020, global wealth stood at US$ 399 trillion as of the end of 2019. Most of the global wealth is primarily controlled by older men in North America and Europe.
As per BCG, the Asset Under Management (AuM) for the global asset management industry stood at US$88.7 trillion as of the end of 2019.
The pandemic found the wealth management industry dealing with margin pressure amid the popularity of passive products, on the verge of a great wealth transfer from the Baby Boomers to the younger generations, a rising share of women’s wealth, and increasing regulatory pressure. Revenue from beta is quickly diminishing due to the popularity of passive products. The focus is shifting from margin to increasing AUM.
As per Credit Suisse Global Wealth Report 2020, global wealth decreased by US$ 17 trillion between January and March of 2020. Recovery in the capital markets Q2 onwards led to the recovery of household wealth in Q2 to the levels of the end of 2019. Though the loss of growth represents a more than US$7 trillion loss from expected wealth levels by the end of the first half of 2020. Lower economic activity, lower consumption, and lower investments by both households and corporates likely to restrain household wealth growth for many coming years. The growth rate may not recover to pre-pandemic levels before the end of 2021. Global wealth per adult decreased by 0.4% in the first half of 2020. China is the biggest gainer and Latin America along with Africa are the greatest losers.
Though low-interest-rate environment, making time deposits less attractive, likely to boost funds flows to capital markets and demand for wealth management services.
At the same time, social distancing is forcing digital adoption in wealth management. Apart from that, the great wealth transfer will mean that the wealth management sector needs a paradigm shift in their client engagements. The expectations of tech-savvy millennials are very much different from the older generations. Instant gratification, higher involvement in the process, and constant monitoring are some of the features Millennials expect.
Micro-Investment platforms and Online Brokers are expected to be immensely beneficial as tech-savvy Millennials control more and more wealth. Self-service platforms that specialize in passive products (MF, ETF) are especially lucrative.
Hybrid services that combine human touch with tech efficiency will likely to become mainstream as wealth management firms push for cost-cutting and younger generations control more and more wealth.
As many traditional wealth management firms will look to increase their digital capabilities, WealthTech firms with proven business models are expected to be seen as attractive acquisition targets.
The FBI is the lead federal agency for investigating malicious cyber activity by criminals, nation-state adversaries, and terrorists. To fulfill this mission, the FBI often develops resources to enhance operations and collaboration. One such resource is the FBI’s Internet Crime Complaint Center (IC3) which provides the public with a trustworthy and convenient mechanism for reporting information concerning suspected Internet-facilitated criminal activity. At the end of every year, the IC3 collates information collected into an annual report.
Credit is due to all original authors and no financial gain was made from the blog, Simply sharing an interesting story for educational purposes,
An Overview and Competitive Analysis of the One-Time Password (OTP) MarketEMC
This Frost & Sullivan report examines the proliferation of identity theft and data breaches caused by single-factor authentication or weak passwords, and describes how, to decrease the impact of threats, companies are integrating mobile OTP, OTP tokens, and USB tokens to protect network access and end users.
All product and company names mentioned herein are for identification and educational purposes only and are the property of, and may be trademarks of, their respective owners.
According to the U.S. Census Bureau, the 65-and-older population will almost double over the next 30 years, reaching 88 million by 2050. Workforces are aging quickly, and the insurance industry in particular is especially affected by this.
Contribution to panel discussion of the key changes to be expected in the insurance industry over the next five years from technology to product development.
China Mobile Advertising Landscape Report (Thomvest Ventures)Thomvest Ventures
This report examines China's digital advertising industry, with a specific focus on mobile. Our goal with this research is to grasp the many nuances of advertising technology in China – what role does programmatic play, who are the key vendors in the space, what challenges do these vendors face, and how do we expect the market to evolve over the next several years?
Digital Powers Consumer Durables: A $23 billion Opportunity by 2023Social Samosa
Capturing the growth of digital influence and key consumer insights in the consumer durables sector in India, Boston Consulting Group (BCG) and Google India released a report, ‘Digital Powers Consumer Durables: A $23 billion Opportunity by 2023’. Projecting a healthy growth rate for Consumer durables (Televisions, Refrigerators, Washing Machines, Air Conditioners, Microwaves, Water Purifiers & Small Kitchen Appliances), the report states that overall Industry will see a growth of 13% to reach $36Bn by 2023.
2015 cost of data breach study global analysisxband
2015 Cost of Data Breach Study:
Global Analysis
By: Ponemon Institute
Benchmark research sponsored by IBM
Independently conducted by Ponemon Institute LLC
May 2015
With support by the CII, Marketforce launched this special report providing a snapshot of the challenges and opportunities the industry is facing - and how to prepared it is to meet them.
Based on responses from over 1000 senior insurers, in this report you will find dedicated chapters on digital, analytics, operations, claims, fraud and more.
Would you like to meet like-minded insurers? On November 7th, 8th and 9th we're holding our 16th annual The Future of General Insurance conference.
Find out more about the event here: http://bit.ly/1TKDIgQ
An Overview and Competitive Analysis of the One-Time Password (OTP) MarketEMC
This Frost & Sullivan report examines the proliferation of identity theft and data breaches caused by single-factor authentication or weak passwords, and describes how, to decrease the impact of threats, companies are integrating mobile OTP, OTP tokens, and USB tokens to protect network access and end users.
All product and company names mentioned herein are for identification and educational purposes only and are the property of, and may be trademarks of, their respective owners.
According to the U.S. Census Bureau, the 65-and-older population will almost double over the next 30 years, reaching 88 million by 2050. Workforces are aging quickly, and the insurance industry in particular is especially affected by this.
Contribution to panel discussion of the key changes to be expected in the insurance industry over the next five years from technology to product development.
China Mobile Advertising Landscape Report (Thomvest Ventures)Thomvest Ventures
This report examines China's digital advertising industry, with a specific focus on mobile. Our goal with this research is to grasp the many nuances of advertising technology in China – what role does programmatic play, who are the key vendors in the space, what challenges do these vendors face, and how do we expect the market to evolve over the next several years?
Digital Powers Consumer Durables: A $23 billion Opportunity by 2023Social Samosa
Capturing the growth of digital influence and key consumer insights in the consumer durables sector in India, Boston Consulting Group (BCG) and Google India released a report, ‘Digital Powers Consumer Durables: A $23 billion Opportunity by 2023’. Projecting a healthy growth rate for Consumer durables (Televisions, Refrigerators, Washing Machines, Air Conditioners, Microwaves, Water Purifiers & Small Kitchen Appliances), the report states that overall Industry will see a growth of 13% to reach $36Bn by 2023.
2015 cost of data breach study global analysisxband
2015 Cost of Data Breach Study:
Global Analysis
By: Ponemon Institute
Benchmark research sponsored by IBM
Independently conducted by Ponemon Institute LLC
May 2015
With support by the CII, Marketforce launched this special report providing a snapshot of the challenges and opportunities the industry is facing - and how to prepared it is to meet them.
Based on responses from over 1000 senior insurers, in this report you will find dedicated chapters on digital, analytics, operations, claims, fraud and more.
Would you like to meet like-minded insurers? On November 7th, 8th and 9th we're holding our 16th annual The Future of General Insurance conference.
Find out more about the event here: http://bit.ly/1TKDIgQ
HACKERONE
HACKER-POWERED SECURITY REPORT
2017
Executive Summary
Hacker-Powered Security: a report drawn from 800+ programs
and nearly 50,000 resolved security vulnerabilities.
Bug bounty and hacker-powered security programs are becoming the norm, used by organizations as diverse as Facebook and the U.S. government. Forty-one percent of bug bounty programs were from industries other than technology in 2016. Top companies are rewarding hackers up to $900,000 a year in bounties and bounty rewards on average have increased 16 percent for critical issues since 2015. Despite
bug bounty program adoption and increased reward competitiveness, vulnerability disclosure programs still lag behind. Ninety-four percent of the Forbes Global 2000 companies do not have policies.
It’s time to give security teams the tools they need to keep up with ever-faster development. This report examines the broadest platform data set available and explains why organizations like General Motors, Starbucks,
Uber, the U.S. Department of Defense, Lufthansa, and Nintendo have embraced continuous, hacker-powered security.
Go to www.esgjrconsultinginc.com to learn more about Software/Network Engineering Solutions for the 21st Century Digital Economy, IoT and IoE Concepts.
Cyber Security and Insurance Coverage Protection: The Perfect Time for an AuditNationalUnderwriter
Cyber Security and Insurance Coverage Protection: The Perfect Time for an Audit by Lynda Bennett
2014 ended almost the same way that it began for most companies – having concerns about cyber security and hackers. At the beginning of the year, the news cycle was focused on breaches that took place in the consumer product space as Target, Michael’s, Neiman Marcus, and Home Depot worked fast and furious to address breaches that led to concerns about a massive amount of credit card information possibly being “in the open.” Later in the year, we learned that corporate giants like JPMorgan Chase and Apple were not immune from cyber security breaches as still more personally identifiable information and very personal photographs were released into the public domain. Finally, as 2014 drew to a close, the entertainment industry was further rocked by the cyber-attack on Sony Corp., which led to even broader concerns about national security and terrorist threats.
Cyber Insurance Market PPT: Growth, Outlook, Demand, Keyplayer Analysis and O...IMARC Group
The global cyber insurance market size reached US$ 11.9 Billion in 2023. Looking forward, IMARC Group expects the market to reach US$ 58.9 Billion by 2032, exhibiting a growth rate (CAGR) of 18.8% during 2024-2032.
More Info:- https://www.imarcgroup.com/cyber-insurance-market
Data Breach Insurance - Optometric Protector Plansarahb171
The Optometric Protector Plan offers malpractice, professional liability and business insurance for Optometrists, Ophthalmic Technicians and Students. Here is the 2014 Data Breach Industry Forecast.
Rarely does a week go by without the announcement of another major data breach that has put thousands, or even millions of consumers at risk of fraud. From malicious use of compromised credit and debit cards, to increased identity theft risk to drained bank accounts, the threats are real and impact millions of consumers. . A key challenge for the incoming 114th Congress will be to implement long-needed reforms that will protect American consumers personal data from malicious use by criminal hackers.
I nostri intervistati si aspettano addirittura un nuovo tipo di
entità assicurativa emergerà entro il prossimo decennio,
come l'Internet delle cose, l'intelligenza artificiale
e blockchain convergono per creare smart, in tempo reale
soluzioni assicurative. Quasi sette su dieci
(69 per cento) ritiene che l'assicurazione verrà nuovamente intermediata
algoritmicamente a intervalli frequenti con un nuovo stile
di aggregatore assicurativo e il 91% si aspetta
questo avverrà entro un periodo di 15 anni.
Many of the early adopters of cyber risk transfer were based in the US, (owing to the extremely strict legal requirement to notify all customers affected by a data breach). However recent developments are showing that cyber risks are not just a US problem. The past 18 months Aon has seen a dramatic increase in the number of companies outside the US purchasing cyber risk transfer.
The FDA’s role in the approval and subsequent review of Vioxx, a.docxmehek4
The FDA’s role in the approval and subsequent review of Vioxx, a pain medication with- drawn from the market by its manufacturer after it was associated with heart attacks and strokes, is discussed in a case at the end of this textbook.
In 2010, Congress established, as part of the Dodd-Frank Act (also discussed in Chapters 8 and 14), a new consumer regulatory body, called the Consumer Financial Pro- tection Bureau. The purposes and actions of this agency are described in Exhibit 15.B. The debate over whether government should become involved in protecting consumer privacy is discussed in the next section of this chapter.
All seven government regulatory agencies shown in Figure 15.2 are authorized by law to intervene directly into the very center of free market activities, if that is considered nec- essary to protect consumers. In other words, consumer protection laws and agencies substi- tute government-mandated standards and the decisions of government officials for decision making by private buyers and sellers.
Consumer Privacy in the Digital Age
In the early 21st century, rapidly evolving information technologies have given new ur- gency to the broad issue of consumer privacy. Shoppers have always been concerned that information they reveal in the course of a sales transaction—for example, their credit card or driver’s license numbers—might be misused. But in recent years, fast-changing tech- nologies have increasingly enabled businesses to collect, buy, sell, and use vast amounts of personal data about their customers and potential customers. The danger is not only that this information might rarely be used fraudulently, but also that its collection represents a violation of privacy and might lead to unanticipated harms.
Individuals are often unaware of how much information about themselves they reveal to others as they shop, interact with friends, play games, or look for information online. A variety of technologies make this possible. Many websites place cookies—or more power- ful Flash cookies—on a computer hard drive, to identify the user during each subsequent visit and to build profiles of their behavior over time. Web beacons embedded in e-mails and websites retrieve information about the viewer. In deep packet inspection, third parties access and analyze digital packets of information sent over the Internet, such as pieces of e-mails or Skype calls, to infer characteristics of the sender. Not just retailers, but also Internet service providers such as Comcast, search engine operators such as Google, and informational services such as Dictionary.com, also track their users. So-called data aggregators purchase and combine data about individuals collected from various sources and compile them into highly detailed portraits to be sold to retailers, service providers, and advertisers.15
An example of a data aggregator is Acxiom Corporation, based in Conway, Arkansas. Acxiom, called the “quiet giant” of the industry, has built the larg ...
Asian insurance, pensions, and wealth management undergo rapid change, what a...Varun Mittal
What are the key trends changing the insurance, pensions, and wealth management industries in Asia?
And how can companies best capture growth?
These topics were among those discussed at the recent Singapore FinTech Festival (SFF). Since its
inception in 2016, SFF has become the premier platform for the global fintech community to engage,
connect, and collaborate on issues relating to the confluence of financial services, public policy, and
technology. SFF attracted 62,000 participants from over 115 countries—the largest SFF gathering ever.
It featured 850 speakers, 570 exhibitors, including 25 country pavilions, and over 4,000 meeting
through the business matching platform.
With inflation persisting and growth slowing, many fintech firms are trying to remain viable. With that
background, three key themes emerged at SFF that hold opportunities for insurance companies in Asia.
First, we discussed how risks for the current generation have changed, creating new paths of growth
as technology spreads across all sectors and functions in the insurance industry. The changing
behavior of consumers triggers new opportunities by demanding unconventional ways of redefining
customer relationships.
Second, a widening pension gap caused by an aging population, the rise of self-employment, and the
gig economy offers opportunities. We foresee that people caught in this gap could succumb to further
risks raised by rising inflation, longer lifespans, and the rising cost of healthcare. Further, we discussed
micro-pensions and micro-investments and how they would take off in the coming years.
Third, Asia’s financial wealth stands at $180.6 trillion as of 2021, or roughly 40% of global wealth, and
we expect continued growth. This causes more customers to get serious about financial planning. We
also discussed approaches to reaching Generation Y and Z customers who require an omnichannel
experience to maintain high engagement.
We also had pragmatic discussions around artificial intelligence (AI) and embedded insurance. AI is still
nascent, with regulators constantly figuring out how AI and machine learning play a role in insurance.
Embedded insurance, meanwhile, needs to work seamlessly in the customer journey.
This report covers the three main megatrends to watch in the landscape of Asia’s life and health insurance,
as well as the key imperatives insurers should take to capture the significant opportunities in the market.
All levels of society rely upon information technology systems. Network operations are pervasive and impact nearly every aspect of our society. The desire of companies to collect, use, store, and secure information about customers, employees, and other individuals is a requirement of the new economy. It is no wonder that the prevalence of electronic communications and a growing dependency on cyber structures and operations also create potential vulnerabilities to cyberattacks. It is critical to preserve information systems and address and prevent weaknesses in cyber protection efforts. This webinar examines the means for companies to reach data goals ethically, efficiently and legally. Best practices and model comprehensive privacy and cybersecurity policies are discussed. And, data breach response and related litigation, including class action litigation issues and fiduciary duty violations under corporate law, are discussed.
To view the accompanying webinar, go to:
https://www.financialpoise.com/financial-poise-webinars/data-privacy-compliance-2020/
Next Wave of Fintech: Redefining Financial Services through TechnologyRobin Teigland
The Stockholm School of Economics and PA Consulting present The Next wave of Fintech, a sequel to the 2015 Stockholm Fintech Report, focusing on the new InsurTech and RegTech segments. The report, which describes and quantifies the Swedish market for these segments, contains valuable insights and recommendations for decision makers at banks, incubators, startup companies, public authorities and investors.
Similar to Global Cyber Market Overview June 2017 (20)
A surety bond is a financial instrument through which an insurance company guarantees the successful performance of an Aon
client to a third party, known as a beneficiary or employer. It is a written agreement that provides compensation in the event
that specified obligations are not performed within a stated period.
With an ever-changing political scene and limited time left to conclude the negotiations for the United Kingdom’s (UK) exit from the European Union (EU), attention is now beginning to turn to the potential consequences of Brexit. This paper discusses the issues that insurers face and considers the interplay between insurers’ contractual obligation to continue to service policies (including paying claims) versus the practical impact that local regulation might have on their ability to do so.
IFRS Report - Important upcoming accounting changes Graeme Cross
The new IFRS 9 rules effective January 2018, and equivalent US GAAP standards (ASU 2016-13) effective in 2019, are aimed at
increasing the accuracy and transparency of how credit risk is represented on a company’s Balance Sheet and P&L. Both new
standards include requirements around the use of both historic as well as forward looking credit information in order to calculate
the provisions for credit losses (Expected Credit Losses).
Aon’s cyber capabilities can support organisations in embracing
a risk based approach. This facilitates the deployment of a
more effective cyber insurance strategy to help optimise the
total cost of risk associated with cyber exposures
Reducing an organisation’s property total cost of risk
(TCOR) is fundamental to its operational resiliency and
financial bottom line. Aon Property Laser is a unique
property and business interruption risk management
methodology that incorporates leading-edge diagnostic
and analytical tools to quantify risk exposure. By
identifying and analysing key property performance
indicators, Aon Property Laser helps organisations
to improve their risk profile, while also making the
insurance policy work more effectively should a loss
occur. Our property experts benchmark pre-loss and
post-loss risk management practices, activities and
results, to help assess and optimise an organisation’s
property risk profile.
Many businesses and governments have been reporting on environmental and climate data for over 15 years now, but the way they do is set to change. Following the UN’s Paris
Agreement to address climate risk by cutting greenhouse gas emissions, financial regulators are increasingly concerned about the systemic risks that climate change poses to the financial
system. After the 2008 financial crisis, regulators do not want any disorderly transitions in the market due to a misallocation of capital
Aon has developed a proprietary diagnostic tool to help risk leaders quickly assess their organization’s global supply chain exposures across a variety of key marketplace supply chain indicators.
In the complex and dynamic global risk environment, risk managers play an increasingly vital role in helping their organizations understand, prioritize and manage critical exposures affecting their operations and supply chains.
Today, along with catastrophic property risks, expanding cyber threats, terrorism, supplier insolvency, product integrity and reputational issues, businesses relying on global supply chains must navigate widening geopolitical challenges brought by rising nationalism.
As business leaders, planning, finance and operations executives strive to anticipate how these developments might affect their cross-border trade relationships, effective and forward-looking supply chain risk management is critical to sound decision-making. Aon’s Supply Chain Diagnostic helps clients flag supply chain vulnerabilities and improve resiliency.
Global supply chain management brochureGraeme Cross
Aon’s Approach to supply chain management recognizes the wide spectrum of risks that can negatively impact our clients’ business operations, some of which are common to all industries and others very specific to a particular segment. We bring efficiency to the process by triaging each client’s specific supply chain needs, and deploying a hand-picked team of specialists that can develop industry specific solutions ranging from risk identification and quantification to tailored risk financing programs and claim resolution strategies.
The Aon Global Client Network is the backbone of Aon Risk Solutions’ international network, connecting clients and colleagues with expertise, counsel and resources available in over 120 countries in which Aon Risk Solutions is represented. Aon’s network is the largest majority owned network, unsurpassed in geographic breadth and depth of talent.
On June 27, 2017, a widespread WannaCry ransomware variant referred to by a number of names, including GoldenEye, Petya, NotPetya, and ExPetr, began impacting computer systems around the world. Similar to the recent WannaCry ransomware attack, victims are being asked to pay a ransom of $300 in bitcoin.
Are you a risk or finance leader of an organization with exposures across multiple territories?
Take our Global Optimization Index survey. The 75 questions are
directly related to international risk management and will help you to measure your company’s risk management practices as compared to Aon’s best practice standards and find areas of focus to enhance the performance of your multinational risk management approach.
Aon’s continually growing directory of intellectual capital provides the latest insights into innovative ways of identifying, quantifying, and managing a wide range of current and emerging risks.
Aon’s guide to Political Risk, Terrorism & Political Violence
The Political Risk Map primarily focuses on economic and fiscal risks, specifically in emerging economies, while the Terrorism and Political Violence Map consider issues such as civil commotion and war and has a global focus.
While comparisons are possible across the two maps and certain countries will be affected by both sets of perils, these are two specific risks with accompanying sub-sets of perils that help to establish ratings for each country.
Together these maps are helping our clients to better understand the challenges facing them when operating in diverse, international geographies. We would welcome the opportunity to discuss these challenges in more detail with you and explain how Aon’s Crisis Management teams can help identify, manage and mitigate risks to help insulate your people, assets and operations wherever they are located in the world.
Environmental insurance market status Q1 2017Graeme Cross
This paper provides an update on the status of the marketplace for environmental insurance as of early 2017. It starts with a look at the environmental risks associated with a number of common industrial, commercial and institutional activities, and then considers various aspects of the marketplace, with a look at the insurance companies that sell environmental coverage, a review of who buys it and what is new in the market for this year.
Aon GDPR prepare and protect solution placematGraeme Cross
The EU’s General Data Protection
Regulation (GDPR) comes into effect on
the 25th of May 2018, enforcing strict
new measures for any organisation
globally handling the personal data
of EU individuals.
Organisations have steps to take to
comply with GDPR and meet the
ongoing data privacy rights of their
clients and employees.
Failure to comply may result in enforcement
action, including fines of up to €20 million
or 4% of your organisation’s annual
worldwide revenue, whichever is greater.
“The European Union data privacy landscape is about to undergo dramatic change, with lasting enterprise wide implications for the way that organisations handle, protect and use the personal data of EU individuals.
Organisations of all sizes, across all industries, and geographies that process personal data of EU residents need to take steps now to comply with the new EU General Data Protection Regulation by 2018, to satisfy management fiduciary duties
and avoid potentially costly penalties.”
We live in an era of unprecedented volatility. Trends on three major dimensions – economics, demographics, and geopolitics – combined
with the exponential pace of technology change, are converging to create a challenging new reality for organizations. These forces create opportunities that we cannot even imagine, but also present new frontiers to be explored.
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
3. Aon Inpoint Global Cyber Market Overview: Uncovering the hidden opportunities 3
Introduction
Highly publicized attacks on blue chip companies, announcements of alliances formed between
insurers, reports of partnerships established with cyber security firms and hiring of renowned experts
have all contributed to making cyber one of the hottest topics in the insurance industry. However,
behind the hype of the media and the marketing battles fought by insurers and brokers to position
themselves as leaders in the market, there is the reality of a genuine opportunity. In this paper, we
explore how the cyber insurance market has evolved in recent years to understand how:
• the drivers underpinning the growth in the US will contribute to the growth in
other part of the world, with a focus on the upcoming European market,
• a few insurers have been able to build significant presence in the market but face
imminent challenge as more and more insurers are now competing in this space,
• customer needs and covers are developing and the opportunities this is likely to bring,
• the reinsurance market is playing its part in supporting cyber insurers, and
• key players have looked beyond the insurance market to identify growth opportunities.
The preparation of this white paper has been made possible thanks to the insights provided by
Aon’s Cyber Solutions team, in particular Kevin Kalinich, Global Practice Leader, Cyber Insurance,
and Luke Foord-Kelcey, Co-head, Global Cyber Practice, Aon Benfield. Last but not least a
special word of thanks to Jeremy Maginot, Director, Consulting, Aon Inpoint, who has led the
creation of this white paper with support from Aon Inpoint colleagues across the globe.
Sincerely,
Michael R. Moran
Chief Executive Officer
Aon Inpoint
4. Aon Inpoint Global Cyber Market Overview: Uncovering the hidden opportunities 4
Cyber insurance products have been around since the late 90s.
The demand originated from the technology, media and telecom
(TMT) sector and professional services firms which needed covers
to protect themselves against inadvertent transfer of malware (cyber
liability cover) and loss of confidential client information (privacy
breach cover). Initially developed as add-on covers or bundled
into existing liability or professional indemnity policies, these
early products were a first attempt by insurers to offer traditional
risk transfer solutions to help their clients with an emerging risk.
Elements of cyber coverage have also been found in property,
general liability, crime, K&R, and other lines of insurance. However,
in policies where cyber coverage intent was silent, some courts have
ruled in favor and others have denied coverage. As a result, insurers
have tightened up their policies to clarify intent of coverage. In most
cases, this has meant introducing specific cyber exclusions but in
some instances, insurers have added affirmative cyber coverage
in property or liability policies. However, there remain significant
elements of cyber coverage under other lines legacy policies.
With the global strengthening of regulations on loss of personally
identifiable information (PII), the costs related to the handling of a
breach increased: i.e. costs of reporting a breach to the regulator,
customer notification, PR costs and legal expenses. Awareness
of cyber threats also started to reach the boardroom. As a result,
the demand for cyber insurance products grew beyond the
TMT and professional services sectors to reach all industries
handling confidential customer information: financial institutions,
retailers, hospitalities and the healthcare sector. Along with the
growing demand from a wider range of companies came the
need for more sophisticated and specific covers which could
not be addressed with endorsements or add-ons to traditional
policies, leading the way to standalone cyber products.
A study conducted by Aon and Aon Inpoint estimated the 2015
global standalone cyber market to be worth $1.7bn in annual gross
written premium. While still cyber insurance has been around
for over 25 years, the market has grown tremendously in recent
years, achieving annual growth rates of c.30% between 2011 and
2015; levels not seen in traditional lines of business. With data
pointing at higher growth rates in 2016, we estimate last year’s
global standalone cyber market to be c. $2.3bn in premium.
However, the market is still believed to be in its infancy and
penetration levels are still relatively low: <15% in the US but
<1% in other regions of the world, leaving plenty of room for
further growth. In particular, the percentage of US companies
that purchase cyber insurance varies significantly by industry
and company size segment. For instance, we estimate that over
75% of financial institutions, retail, healthcare and hospitality
companies with revenue over $1bn purchase some cyber
insurance. On the other end, the level of penetration among
small and medium businesses is estimated to be less than 5%.
Cyber insurance, a market still in its infancy
“The market is
still believed to
be in its infancy
and penetration
levels are still
relatively low”
5. Aon Inpoint Global Cyber Market Overview: Uncovering the hidden opportunities 5
The US market
The US is the largest market and is
estimated to account for c.$1.5bn
or c.90% of the 2015 global
standalone cyber premium. It has
been the main contributor behind
the growth of cyber premiums.
The impressive growth rates
observed in the US have been
driven by several factors.
Data breach legislation was progressively
enforced across the US and is now
in effect in 47 of the 50 states. On
March 15th, the New Mexico Senate
passed the Data Breach Notification
Act to become the 48th state with a
data breach notification law once the
bill is signed by the governor, leaving
Alabama and South Dakota as the
only states without such a statute.
Legislation started in California where
The Mandatory Data Breach Disclosure
Law was first signed in 2002 and
effective from July 2003, making firms
legally obliged to notify affected parties
in the event of a data breach. Similar
legislations were subsequently enforced
in others states between 2005 and 2016.
Highly publicized data breach incidents
involving large corporations targeted
by hacking groups (e.g. Sony in 2011,
Target in 2014, Ebay in 2014 and the
2013 and 2014 Yahoo breaches disclosed
in 2016) have contributed to raising
both public and C-suite Executive
awareness of cyber threats. A survey
conducted by Aon shows that cyber
now appears on the boardroom agenda
of a growing number of companies.
This trend is likely to continue.
Furthermore, the effect of a data
breach on a company’s brand and
customer loyalty can result in loss
of future revenue. It can also impact
potential merger and acquisition
deals as recently illustrated with the
disclosure of Yahoo data breaches
shortly after Verizon announced its
acquisition plan; Verizon subsequently
requested more favorable deal terms.
While cyber insurance was initially
purchased by TMT companies and
professional services firms, in recent
years demand has been predominately
driven by large corporations storing
personally identifiable information (PII)
and processing vast amount of financial
transactions, i.e. large retailers, heavily
regulated financial institutions. These
companies are currently estimated
to account for nearly half of the US
standalone cyber premium, 21% and
29% respectively. Healthcare is also a
large and growing segment of the US
cyber market. Estimated to represent
15% of the standalone premium, these
companies are increasingly purchasing
data breach cover to protect the sensitive
patient information they hold. This is
mainly driven by the HIPAA legislation,
which provides data privacy and
security provisions for safeguarding
medical information, and now holds
companies responsible in the event
of a breach. Originally embedded in
liability policies, data breach covers for
healthcare companies are now offered
by insurers on a standalone basis.
There is also growing concern about
how hospitals and clinics are exposed
to cyber-attacks which could, for
example, impact the operation of
networked life-support devices.
This in turn is driving demand for cover
against third party bodily injury
arising from a cyber event.
$0
$0.5bn
$1bn
$1.5bn
'15'14'13'12'11'10'09'08'07'06'05'04'03'02'01'00'99'98
$0.5bn
$0.7bn
$0.9bn
$1.2bn
$1.5bn
Major loss: Heartland
c. 30% growth p.a. between 2011-2015
Data Breach Notification law
signed in first state (California)
Major loss: TJX
Major loss: Sony
SEC guidance issued
Major loss: Target
Major loss: Ebay, JP Morgan
Data Breach Notification requirements enacted in 46 states
$180m
$325m
321
446
656
498
662
421
471
908
1,370
1,258
Historical estimated standalone cyber market size in US
Sources: Betterley Report, Advisen, PropertyCasualty360, Business Insider, Marsh, Aon, datalossdb.org, Identity Theft Resource Center, NCSL,
Ponemon Institiute, Aon Global Risk Survey, Aon Inpoint analysis
Key growth drivers
Data breach legislation has been
enacted in 47 states, the District
of Columbia, Guam, Puerto
Rico and the Virgin Islands
Legislation
Awareness
# of breaches
Higher cost
In 2015, US firms ranked cyber
as their 5th
most important risk,
compared to 18th
back in 2011
More companies are uncovering
data breaches and reported
breaches in the US have risen
by c.325% since 2006
On average, the cost of a
data breach is 60% higher
than it was in 2006
US market size No. of disclosed
data breaches
6. Aon Inpoint Global Cyber Market Overview: Uncovering the hidden opportunities 6
Notes: SME are defined as companies with sales/turnover below $100m; Mid-market: $100m to $1bn; Large corporate: >$1bn
Source: Advisen, Marsh, Bureau van Dijk, Aon placement data, Aon Inpoint analysis
Estimated breakdown of standalone cyber market in the US (2015)
Company type Industry and revenue SME Mid-market Large corporate % of total
Companies storing
personal data
Technology $39.0m $18.0m $14.0m 5%
$242.0m
(17%)
Telecoms and media $3.3m $8.0m $13.0m 2%
Education $5.3m $46.0m $21.0m 5%
Professional services $9.4m $43.0m $22.0m 5%
Financial transactions
driven companies
Retail and wholesale $76.0m $141.0m $93.0m 21%
$876.0m
(59%)
Financial institutions $31.0m $180.0m $227.0m 29%
Business services $6.7m $47.0m $33.0m 6%
Hospitality $5.5m $22.0m $13.0m 3%
Companies exposed to
operational risks
Manufacturing $56.0m $19.0m $16.0m 6%
$126.0m
(8%)
Utilities $1.3m $4.1m $15.0m 1%
Energy (Oil and Gas) $1.2m $3.6m $9.0m 1%
Companies storing
personal data & exposed
to operational risks
Healthcare $3.4m $103.0m $81.0m 15%
$256.0m
(17%)
Transportation $13.0m $14.0m $10.0m 2%
Total $282.0m $649.0m $567.0m 100% $1.5bn
$567mSMEMid-market
$649mSMELargecorporate
$282mMid-marketLargecorporate
With higher penetration levels compared
to the rest of the market, medium-size and
large companies are the main buyers of
cyber cover. We estimate these companies
to represent 80% of the standalone cyber
premium. Although further penetration
in these segments is expected to drive
future growth, demand is also expected
to come from the smaller segments. These
firms are increasingly assessing their cyber
exposures and are concerned about the
potential impact of a cyber incident.
There is also a lot of growth potential
from non-PII industry segments (i.e.
manufacturing, energy,
utilities) as they start to get
a better understanding of
their exposure to a cyber
event and the impact it could
have on their operations.
Assuming the US standalone
cyber market experiences
growth rates comparable to
those witnessed in recent years,
it could reach $5.6bn in annual
gross written premium by 2020.
0
$1bn
$2bn
$3bn
$4bn
$5bn
$6bn
202020192018201720162015
$1.5bn $5.6bn
Assuming a
continued
30% growth
year on year
US standalone cyber market projection
7. Aon Inpoint Global Cyber Market Overview: Uncovering the hidden opportunities 7
The upcoming European opportunity
Until recently, most of the appetite for cyber protection in
Europe was limited to large companies. However, in the last 18
months demand for cyber insurance products has come from a
wider cross-section of the market. Like in the US, this is largely
explained by insureds becoming more aware of their exposure
to cyber perils coupled with rising concerns about the impact
an event could have on their company’s balance sheet.
Aon Inpoint estimates that the 2015 European standalone cyber
market was worth $135m in annual gross written premium.
Large companies with a turnover above $1bn have contributed
most of the demand and we estimate they represented over
85% of the standalone premium. Similar to the US market,
financial institutions, large retailers and the hospitality sector
are the main buyers of cyber insurance. The lack of a strict
set of regulations across the region means that until now
the demand was mainly focused on extortion and business
interruption cover. However, this is expected to change with
the European Global Data Protection Regulation (GDPR).
The upcoming GDPR, to be enforced in May 2018, is expected
to be a catalyst for accelerated growth. All companies doing
business with clients and prospects in the EU will need to
comply with the new legislation. It will require companies to
notify the regulator and individuals in the event of a breach of
personally identifiable data. If companies do not comply with
the new regulation, they could be fined up to 2% or 4% of their
global revenue depending on the type of activity and subject
to monetary caps. Companies will have a limited amount of
time to ensure that they adhere to the new regulation.
The European market is trying to react to the anticipated uptick in
take up rates. The main brokers are helping their clients prepare for
the upcoming regulation changes, supporting them in evaluating
their cyber exposure and the adequacy of existing covers. Brokers
are also working closely with local insurers to help them tailor their
products and ensure their offerings address the needs of their clients.
2015 breakdown of standalone cyber premium using Aon’s portfolio
Source: Aon broker insights, Aon GRIP data, Aon Inpoint analysis
• No general legislation mandating
notification following a breach
• Weak regulators with limited
ability to sanction firms
• EU laws enforced with varying
degrees of severity
• Strict regulation with a
general requirement to notify
in the event of a breach
• GDPR regulations allow for a fine
of up to 2% of global turnover
• EU wide enforcement of GDPR
• Increased awareness expected to be
driven by GDPR with higher numbers
of data breaches likely to be publicised
• Aon clients already expect Cyber to
be their 8th
biggest risk by 2018
• Mandatory notification is likely to drive
known breach numbers much higher
• In the US where similar legislation
already exists there were 1.1k
(c.85%) more publicised breaches
compared to Europe in 2015
• European firms are likely to suffer
higher costs as a result of GDPR
• US firms have seen the cost
of data breaches rise at a rate
of 9% a year since 2012
• Cyber already recognised as
an emerging risk in Europe
• Aon clients currently view
Cyber as 14th
biggest risk
• European breach rates
are already growing
fast, 36% since 2011
• The cost of data breaches in
Europe currently lags that of
the US by 35% on average
Legislation
Awareness
Number of
breaches
Cost
Pre-GDPR Post-GDPR
2018-GDPRimplemented
5% 10% 25% 60%
Firms storing personal data and
exposed to operational risk
Industries: healthcare, transport and logistics Industries: tech firms, telecoms / media, education,
professional services
Exposures: medical equipment, health information,
customer information, safety systems, communication
systems
Exposures: customer information, cloud platforms,
software source code, unfiled patents, media
liabilities, research
Companies storing personal data
Companies exposed to operational risk Financial transaction driven firms
Industries: manufacturing, utilities, oil and gas Industries: financial institutions, business / personal
services, retail and wholesale, hospitality
Exposures: industrial control systems, machine
software, vendor information
Exposures: credit card information, customer
information, financial transactions,
trading algorithms, asset portfolios
5%
10%
85%
SME, c. $5m
Mid-market
c. $15m
Large corporation
c. $115m
8. Aon Inpoint Global Cyber Market Overview: Uncovering the hidden opportunities 8
A market with growing competition
The increasing demand for cyber insurance and the growth
potential of the market have attracted more and more carriers.
In a global P&C market where yearly growth levels have not
exceeded the low single digits and where insurers have struggled
to achieve organic growth, the emergence of a new product
growing at 30% year on year has generated a lot of interest.
While in the early 2000s there were less than a dozen of insurers
that were able to offer cyber covers, today, close to seventy are
offering standalone cyber products, albeit with varying degrees
of protection, risk mitigation and incident response service levels.
In the US, the five largest insurers (four domestic insurers and
one Lloyd’s insurer with local operations) have established a
significant market leadership presence. We estimated them to
write over 60% of the 2015 US standalone cyber premium. The
three largest insurers have written cyber since the late 90s –
early 2000s and have developed cyber products and incident
response capabilities to establish themselves as recognized
market leaders. Their longstanding position in an emerging
market also means they have accumulated underwriting data
which other insurers cannot access, further enhancing their
dominant position. The proprietary information at their disposal
coupled with their expertise in creating wordings to address
regulatory changes and insureds’ needs has allowed them to
demonstrate a broad appetite and largely unrivalled flexibility
levels. As a result, they have been seen as go-to insurers and
have been able to participate on a broad range of programs.
About $450m of the 2015 US standalone cyber premium was
written in Lloyds. The London market is represented by a handful
of long-established and committed cyber players which are
actively growing their share and developing their underwriting and
servicing capabilities. Other recent entrants and cautious players
are still trying to define how they want to position themselves in
the long run. They tend to limit themselves to providing small
lines of follow capacity on excess layers and target small insureds
by offering cyber covers as options or part of packages via
coverholders. Smaller risks are perceived to be easier to access
and are also considered more attractive compared to large risks
which could leave insurers exposed to more volatile results.
In Europe, the same top three insurers have significant market
presence in the market and are believed to write three
quarters of the standalone premium. They have leveraged the
expertise and capabilities developed in the US market and
have pro-actively built upon their relationships with global
brokers to position themselves on the European scene.
There is enough capacity to write the business domestically
and unlike in the US market, only a limited amount of
European cyber insurance business (complex deals or large
excess layers) finds its way to the London market.
However, the competition is growing to capture the cyber
opportunity. London players are driving innovation to attract
more cyber premium and more domestic insurers are developing
their primary offerings in an attempt to become more relevant,
disrupt current market leaders and write the business locally.
$1.5bn
30%
70%
US total standalone cyber premium
Source: Aon Inpoint analysis
Non-Lloyds
$1.1bn
Lloyds
$450m
$135m
19%
81%
European standalone cyber premium
Source: Aon GRIP data, Aon Inpoint analysis
Market leaders
Extensive
experience,
offering and
appetite
Other active players
More restricted
capabilities and
appetite
US total standalone cyber premium by carrier
Source: Aon Inpoint analysis
$1.5bn
18%
8%
13%
61% Top 5
11-15th
6-10th
The rest
9. Aon Inpoint Global Cyber Market Overview: Uncovering the hidden opportunities 9
Emerging needs and evolving products
The increasing awareness of exposure to cyber incidents and the
potential impact onto a company’s business has driven the demand
for larger limit programs and broader coverage terms. 2016 saw
dramatic changes in capacity for PII cyber programs. While two
years ago, it was generally understood that the largest PII programs
were approximately $300m in total capacity, this increased in
2016 where a number of programs with $500m in aggregate
limit were built for financial institutions and FinTech companies.
Demand for cyber insurance products has also extended
beyond data breach cover. While this has been a strong driver
of the growth in the US as a result of increased regulation
and litigation, there has recently been an increasing demand
for products to cover financial losses and property damage
resulting from a system failure or cyber incident. In Europe and
in other parts of the world, where strict data regulations have
yet to be enforced, cover for cyber liability, cyber extortion
and business interruption account for most of the demand.
A closer look at recent cyber events clearly illustrates the range
of losses that could be triggered as a result of a cyber incident.
Companies operating critical infrastructures through complex
industrial control systems run by software are increasingly
vulnerable to malicious cyber-attacks. The energy, utilities and
manufacturing sectors have grown increasingly worried about
the impact a cyber event could have on their activity. This has
been a prevalent trend in the energy industry where insurance
policies have traditionally had cyber exclusion clauses.
Until recently, cyber insurance products covering business
interruption losses and physical damage were only offered by
a few insurers. They were mainly provided as “difference in
condition” products to fill in the gaps in cover offered by more
traditional insurance policies. However, the emerging demand
for first party business interruption and physical damage cyber
covers caught the attention of a few market participants.
In 2014, Brit launched a new cyber product designed
specifically to provide cyber insurance cover for large industrial
companies. It includes all features of the oil and gas sector
(from upstream to downstream activities), the utilities sectors
and other heavy industry sectors. The launch of the product
was supported by a consortium of syndicates led by Brit
that could offer cover for first party losses up to $250m.
In April 2016, Beazley and Munich Re partnered to offer an
enterprise-wide cyber product, aimed at large corporate
and industrial clients. The product provides up to $100m
of protection including data breach, denial of service,
extortion, property damage and bodily injury exposure.
In September 2016, Aon announced an all-encompassing
product of its own: Aon cyber Enterprise Solution. The “first-
of-its-kind” property/casualty/internet of things insurance
product offers comprehensive and integrated enterprise-wide
coverage against cyber risk. It provides up to $400m cover
for cyber expense reimbursement, security/privacy liability,
network business interruption and contingent business
interruption, property damage, and product liability. Using an
Aon form and supported by several strategic insurer partners,
the product is aimed at large companies with first and third
party cyber exposures (e.g. manufacturing, IT/technology,
utilities) and can be tailored to specific client needs.
“Until recently, cyber insurance products
covering business interruption losses
and physical damage were only offered
by a few insurers.”
10. Aon Inpoint Global Cyber Market Overview: Uncovering the hidden opportunities 10
Sources: ccdcoe.org, New York Times, Marsh, Financial Times, Aon data, Insurance Information Institute, Wall Street Journal, NPR, Bloomberg, Ponemon Institute, Identity Theft Resource Centre
Examples of cyber incidents
First party loss recipient Third party loss recipient
Property
damage
Iranian government (2010): The Iranian government’s nuclear
development programme was disrupted by a computer worm called
Stuxnet, the virus caused one fifth of the country’s nuclear centrifuges
to spin so fast that they tore themselves apart causing severe first
party property damage.
Hunter Water (c.2000): A disgruntled employee who had prior knowledge
of the Supervisory Control and Data Acquisition (SCADA) system of a water
services company hacked into the system and released 264,000 litres of raw
sewage at a variety of locations over the course of 3 months. The attack led
to severe damage of the local environment including the loss of marine life.
Bodily
injury
(covered by Workers’ Compensation policies)
Lodz City Tram System (2010): The first cyber attack to directly cause
injuries came after a Polish teenager rewired a television remote to interact
with the wireless switch junctions of the trams. By overriding the control of
a train it made it jump off the rails and hit another tram, causing minor
injuries to several passengers.
Business
interruption
Saudi Aramco (Aug 2012): a state owned oil and gas supplier, Saudi
Aramco, was targeted by hackers with the intent to cease the company’s
crude oil and gas supplies. The hard drives of 30,000 desktop
computers and 2,000 servers were destroyed, forcing IT systems to be
disconnected from the internet for two weeks.
Polish airline LOT (2015): Polish airline LOT suffered a hack on the
hardware that issues flight plans at Chopin Airport in Warsaw, grounding
over 10 flights and thus affecting the travel plans of thousands of people.
Los Angeles City Hall (2006): was liable to business interruption of third
parties after hackers got into the system and caused gridlock at 4 key
intersections for several days.
Other
financial
loss
Company
Incident
date
Industry
# records
breached
Est. cost of
incident
Details
Anthem Feb 2015 Healthcare 80m $100m
Hackers gained unauthorised access to Anthem’s IT system
and obtained personal information for current and former
members (name, date of birth, social security number, street
address, employment information including income data).
JP Morgan
Chase
July 2014
Financial Services
(Banking)
76m -
Hackers obtained the highest level of administrative privileg-
es to a number of servers stealing names, addresses, phone
numbers and email addresses. JPMorgan has said it plans to
spend $250 million on digital security annually.
Ebay Mar 2014 Retail (Online) 145m $200m
Hackers obtained login credentials from a small number of
employees using them to access all user records and copy a
large part of the credentials. Reports suggest that whilst 85%
of eBay passwords have been reset the site is yet to return to
the previous activity levels seen prior to the hack revelations.
The hack has forced the company to lower its annual sales
targets by $200m.
Target 2014 Retail 40m $162m
Malware stored on Target’s checkout registers led to the theft
of data from 40 million credit and debit card accounts
along with personal information from 70 million customers.
Zappos Jan 2012 Retail (Online) 24m $500m
Hackers accessed customer names, email and postal address,
phone numbers and encrypted passwords.
Heartland 2008-2009
Financial Services
(Payment processor)
136m $110m
Stolen data included the digital information encoded onto
the magnetic stripe built into the backs of credit and debit
cards. Thieves can use that data to counterfeit cards by
imprinting the same stolen information onto fabricated cards.
TJX 2006-2007 Retail 46m $90m
Hackers circumvented a store’s wifi network and stole
customers’ debit and credit card data.
Adobe Sep 2013 Technology 36m -
Data breach resulted in credit and debit card information
being stolen for 3.1m customers, encrypted passwords
for 33m customers and the source code for packages incl.
Adobe Photoshop.
FinanciallossNon-financialloss
11. Aon Inpoint Global Cyber Market Overview: Uncovering the hidden opportunities 11
Many cyber insurers have been concerned about potential risk
aggregation and the impact a systemic event could have on
their portfolio. Although this type of catastrophic event is yet to
be witnessed, large distributed denial-of-service attacks (DDoS
attacks) such as the Dyn cyber-attack that took place on October
21st, 2016 are a reminder of the potential impact a large organised
attack could have on industries that heavily rely on the internet.
As a result, insurers have remained cautious about holding too
much cyber risk on their balance sheet and have looked for simple
reinsurance mechanisms to offload some of the exposure.
A study conducted by Aon Benfield, estimates the 2015 global
reinsurance market to be worth c. $525m in annual premium
with approximately 95% written on a quota share basis. The
reinsurance market is in its early stages. Prior to 2015, a large
amount of risks was still believed to be packaged and placed
in traditional financial lines and casualty treaties with only a few
standalone cyber treaties placed in the market. Worries about
potential silent cyber aggregates under traditional policies (i.e.
addition of cyber endorsement, inclusion of cyber trigger…),
allowed by lenient underwriting guidelines forced cedents to
ask reinsurers to remove cyber exclusions from existing treaties.
This approach had various level of success as it was perceived by
reinsurers as a means to transfer the problem of silent aggregate
from the insurance to the reinsurance market. However, as the
insurance market develops a better understanding of the risk and
moves towards standalone products, insurers will try to ring-fence
their cyber portfolio to better manage their exposure, allowing
the creation of separate cyber treaties. This is already happening.
However, the reinsurance market faces two main challenges:
the current lack of suitable data and modelling capabilities to
evaluate exposure aggregate and the lack of underwriting talent
with the expertise required to develop and make the market.
More than 15 reinsurers actively write standalone cyber
treaties and the number is increasing. Some of them have been
supporting the cyber reinsurance market for over a decade.
They have built their book over time and are able to offer 20-
30% line participation on quota share treaties. However, they
remain conservative about their overall exposure to cyber risks
and often require loss occurrence caps for business interruption
on quota share treaties. More recent entrants have showed
a clear appetite to quote business but are unwilling to take
large lines and typically limit their participation below 20%.
While most ceded cyber premiums relate to US domiciled risks, a
significant portion is reinsured outside of the US. A large amount
of that premium flows to the London wholesale market and a few
reinsurers also write cyber business from their Bermudan operations.
A nascent reinsurance market
$525m
The estimated amount of
cyber reinsurance premium
placed globally in 2015 is
approx.
percentage of standalone
reinsurance premium
written via quota share
programmes
c.95%
12. Aon Inpoint Global Cyber Market Overview: Uncovering the hidden opportunities 12
When looking at cyber, one also needs to
look beyond the insurance and reinsurance
market to obtain a complete picture
of the fast growing cyber industry.
A recent study from Gartner estimates that
worldwide information security spending
increased by 7.9% to reach $81.6bn in
2016, a significant increase compared to
the 4.7% additional spending observed
in 2015. This strong growth is primarily
driven by the need for companies to
access external services to improve their
security position in the digital business era.
The surge in the demand was answered
by a booming industry sector, with
investment in companies and start-up
providing such security services growing
at c.20% per year as reflected in some
cyber indexes (ISE Cyber Security® Index).
Today, companies have access to a
wide range of information security
services that can be grouped in two
main categories: risk mitigation solutions
and incident response services.
Risk mitigation solutions are aimed at
obtaining a better understanding of a
company’s exposure to potential cyber
threats in order to identify and deploy
appropriate solutions to mitigate them.
They include assessment of cyber risks,
advisory services, security software,
hardware solutions, training of personnel
and compliance facilities. A company
typically accesses these services to
evaluate the security of its network, the
quality of its IT governance and quantify
the impact a cyber event could have
on its business. Equipped with a better
understanding of its exposure to cyber
threats, a company can then evaluate if
risk transfer solutions are needed for them
to be comfortable with retention levels.
Incident response services are intended to
support companies that have experienced
a cyber incident, including extortion,
denial of access, system failure, hacking,
and data breach. They comprise crisis
management services, including access
to a breach coach, forensic support to
identify and remediate the cause of the
event, customer notification services,
credit and ID monitoring and legal
support. The main objective of these
services is to minimize the potential
loss arising from a cyber incident by
rapidly coordinating and managing the
various aspects of the response from
communication and notification of the
event to forensic and legal support.
In a study, Aon Inpoint estimated the
2015 global revenue generated across all
segments of the cyber service range (i.e.
from risk mitigation to risk transfer and
post-incident solutions) to be in excess
of $100bn. Most of it is accounted for
by companies offering risk mitigation
services, with those providing software or
hardware security solutions representing
over 70% of the global revenue. The
insurance and reinsurance markets were
estimated to account for a mere 2%.
Opportunities beyond risk transfer solutions
Diagnostic
and risk
assessment
Assess an enterprise’s cyber
security, identify potential
risks and measure its exposure
to cyber threats and impact
on companies activity.
Advisory and
consulting
Provide recommendations
on how to improve network
security, mitigate risks and
advise on potential risk
transfer solutions.
Software and
hardware
solutions
Deliver preventive hardware
and software solutions and
act as another barrier to
prevent cyber incidents and
potential external attacks.
Training and
compliance
Offers training on how to
comply with data regulations
(e.g. HIPAA) and how to
mitigate cyber incidents,
often provided via online
platforms.
Crisis
management
Provide support on how
to deal with a breach
and mitigate the impact,
including coaching,
coordination of services and
public relationship
Forensic Identify the cause of the incident
and advise on solution to
contain the loss and remediate
the problem to return to normal
operating conditions
Customer
notification
Notify customers of security
breaches and loss of
personal data to comply
with notification procedures
dictated by local regulation
Credit and ID
monitoring
Offer credit and monitoring
services to detect fraudulent
activities after customer
details and payment card
data have been compromised
Legal Provide the company victim
of a data incident with legal
advice on how to respond to
a breach and defend itself in
case of a lawsuit
13. Aon Inpoint Global Cyber Market Overview: Uncovering the hidden opportunities 13
2015 breakdown of total cyber security market (c.$100bn) by segment
Sources: Company websites, Insurer websites, Broker websites, RIMS 2016, Aon Cyber Committee research, Cybersecurity Ventures, Owler, Ranker, Hoover, Bessemer Venture Partners, Gartner, Verizon,
MicroMarketMonitor, Aon Inpoint analysis
2%
4%
94%
Risk transfer, c.$2.2bn
Incident response, c.$4.1bn
Risk mitigation,
c. $93.7bn
Risk mitigation
solutions
>$5bn $15bn >$70bn $6.7bn
Diagnostic / Risk assessment Software / Hardware solutions
Advisory / Consulting Training and compliance
Incident response
services
Risk transfer
solutions
$1.7bn
$0.4bn
Insurance premium
Forensic
Credit and ID monitoring
Legal
Reinsurance premium
$0.3bn
$1.4bn
$1.4bn
$0.4bn
$0.6bn
Crisis management
Customer notification
Risk mitigations and post incident services are particularly valued
by small and medium sized companies which do not have the scale
to develop in-house capabilities. While large and global companies
sometime refer to external vendors for additional support in specific
situations, they tend to develop and use their internal IT, PR and
legal capabilities to mitigate their risks and respond to a breach.
As part of their cyber products, insurers have tried to offer or
provide access to some of those services and have established
partnerships with selected vendors. Some like AIG offer access
to a long list of partners and vendors from breach and privacy
counsel to forensic, notification and post-breach and public
relations. Others like Beazley have opted for a reduced list
of selected partners and formed breach response teams to
coordinate those services as an integral part of their cyber
offering. However, beyond the key players, other insurers have
also focused their offering on the response services as a means
to contain the losses resulting from a breach. Most of them
do not provide clients with support in assessing their network
security and reducing their exposure to potential attacks.
In 2016, Aon Inpoint reviewed over 600 of the most
active companies in the cyber security space. Excluding
legal services, few are able to offer the full range of loss
prevention and incident response services. Many of them
only focus on one or two elements of the risk mitigation
services and some aspects of data breach support.
The study highlighted the difficulty for companies to find a ‘one
stop shop’ that could help them access the full range of services
and risk transfer solutions. The gap has been identified by a
number of players in the insurance market as an opportunity
to differentiate and strengthen their cyber offering.
In October 2016, Aon announced the acquisition of Stroz Friedberg,
a global leader in cyber security to create a comprehensive
cyber risk management advisory group. With this, Aon will aim
to provide companies with broader solutions, bringing together
Aon’s expertise in risk assessment and transfer solutions and Stroz
Friedberg’s cutting-edge cyber security governance, advisory
services and incident response. Other brokers and cyber industry
solutions providers are also entering into various joint ventures
and other partnerships that add elements of cyber solutions.
14. Aon Inpoint Global Cyber Market Overview: Uncovering the hidden opportunities 14
Global loss prevention and incident resolution sample service offerings
Sources: Insurer websites, Company websites, ARS Cyber Committee, RIMS 2016, Broker websites, Cyber Security Ventures, Bessemer Venture Partners, Gartner, Ranker.com, Aon Inpoint analysis
Conclusion
The world is continuing its digital transformation with no sign
of slowing down. The amount of data consumed by businesses
increases every day. Companies are also ever more reliant on
inter-connectivity of systems and technologies to operate. At the
same time, hackers have become more sophisticated at exploiting
networks and software vulnerabilities to achieve their goals and the
number of reported cyber-attacks keeps increasing. In addition,
the continually evolving technology environment has made it
more challenging for companies to keep up with the latest security
solutions, leaving them more exposed to potential threats. In this
context, the insurance industry will play an important role in helping
companies manage their exposure to potential cyber perils.
There are plenty of opportunities for insurers and reinsurers whether
in existing or upcoming markets. As the digital and technology
environment evolves, new risks will emerge and opportunities
will appear as the demand for products and services develops.
Insurers that are trying to grow in this segment are actively
developing their strategies. Many are investing in new capabilities,
establishing partnerships with cyber security firms and hiring
experts outside the industry to build a competitive edge. However,
in this fast growing and changing market, those that stand still
for too long are in danger of missing out on the opportunity. A
clear strategy and early positioning will be essential to succeed
in this environment. Late entrants will struggle to compete with
established players and bridging the gap will be challenging.
Aon Inpoint has already helped several insurers with
their cyber ambitions, ranging from market entry
support and value proposition enhancement to assisting
established players identify the next opportunities.
Provider
categories
Sample
count
Full loss pre-
vention offering
8
Extensive
loss prevention
offering
11
14
45
13
Dual
loss prevention
offering
13
89
14
10
5
43
Specialist
loss prevention
offering
21
23
228
5
Incident reso-
lution focused
70
Grand total 612
% of sample offering incident response services
Crisis
management
Customer
notification
Forensic
experts
Credit and ID
monitoring
Legal experts
50% 13% 25% 13%
9% 27%
36% 21%
2% 7%
8%
36% 9%
6% 1% 3% 1%
14%
40% 10%
17% 9%
17% 9% 48%
2% 3% 1%
20%
26% 14% 14% 7% 51%
56
(9%)
15
(2%)
47
(8%)
11
(2%)
37
(6%)
Risk mitigation solution offering
Diagnostic /
Risk assessment
Advisory /
Consultation
Software / Hard-
ware solutions
Training and
compliance
215
(35%)
95
(16%)
450
(74%)
144
(24%)
15. Aon Inpoint Global Cyber Market Overview: Uncovering the hidden opportunities 15
Contacts
Driving Value and Innovation for Insurers and Reinsurers
Aon Inpoint is dedicated to delivering value, insights and
innovation through data, analytics, engagement and consulting
services to (re)insurers, across the full spectrum of insurance,
reinsurance, and capital markets.
Aon Inpoint’s focus is to always act in the best interests of Aon’s
insured and cedent clients by enabling (re)insurers to compete
more effectively so that Aon can provide valuable solutions and
greater choice to our mutual clients.
Consistent with confidentiality and data compliance protocols,
Aon Inpoint provides (re)insurers with access to Aon’s industry
leading data analytics platforms, including Aon GRIP® and
Re/View, combined with our consulting capabilities, enable
(re)insurers to develop growth strategies, as well as to identify
and execute business improvement and growth opportunities
in new markets and product lines.
About Aon Inpoint
Michael R. Moran
Chief Executive Officer
Aon Inpoint
The Aon Center,
200 East Randolph Street,
Chicago, IL 60601, USA
+1.312.381.3962
michael.r.moran@aon.com
Sherif Zakhary
Global Head of Sales
Aon Inpoint
44 Whippany Road,
Suite 220, Morristown,
NJ 07960, USA
+1.347.334.2216
sherif.zakhary@aon.com
Robert Woods
Group Managing Director
EMEA
Aon Inpoint
The Aon Centre,
The Leadenhall Building,
122 Leadenhall Street,
EC3V 4AN, London, UK
+44.20.7086.3344
robert.woods@aon.co.uk
Antony Ainsworth
Group Managing Director
Americas
Aon Inpoint
199 Water Street, New York,
NY 10038, USA
+1.212.441.1266
anthony.ainsworth@aon.com
Giselle Walther
Group Managing Director
APAC
Aon Inpoint
80 Collins Street, Melbourne,
VIC 3000, Australia
+61.3.9211.3143
giselle.walther@aon.com
Jeremy Maginot
Director, Consulting
Aon Inpoint
The Aon Centre,
The Leadenhall Building,
122 Leadenhall Street,
EC3V 4AN, London, UK
+44.20.7086.4502
jeremy.maginot@aon.com
Marguerite Soeteman-Reijnen
Chief Marketing Officer
Aon Inpoint
Admiraliteitskade 62,
Rotterdam, Netherlands
+31.10.448.7756
marguerite.soeteman.
reijnen@aon.nl
Paul Galvin
Global Leader, Carrier Solutions
Aon Inpoint
The Aon Centre,
The Leadenhall Building,
122 Leadenhall Street,
EC3V 4AN, London, UK
+44.20.7086.0055
paul.galvin@aon.co.uk
Kevin Kalinich
Global Practice Leader, Global
Cyber Insurance Solutions
Aon Risk Solutions
The Aon Center,
200 E Randolph Street, 8 E 03B,
Chicago, IL 60601, USA
+1.312.381.4203
kevin.kalinich@aon.com
Luke Foord-Kelcey
Co-head, Global Cyber Practice
Aon Benfield
The Aon Centre,
The Leadenhall Building,
122 Leadenhall Street,
EC3V 4AN, London, UK
+44.20.7086.2067
luke.foord-kelcey@aonbenfield.com