2018: The year of data insurance
Damaging data breaches are behind a growing demand for specific data insurance policies
For many companies, data is a critical business asset. But how can the value of that data be measured? And what happens when that data is lost or stolen?
The constant occurrence of high profile data breaches shows how crippling a threat to a company's data can be, and the irreparable damage it causes to organisations' reputations. In addition to this, the Ponemon Institute estimated the average total cost of a data breach in 2017 at $3.62 million.
But are companies doing everything they can to protect and insure their data? One industry rapidly growing in response to data breaches is the cyber security insurance market. This industry has seen 30% year-on-year growth, with the industry set to reach $5.6 billion in annual gross written premium by 2020, according to AON.
Cyber and privacy insurance covers a business's liability for a data breach in which the customer's personal information is exposed or stolen by a hacker.
Insuring the uninsurable
However, even with the market's growth and the continued threat of data breaches, only 19% of UK companies are covered for losses associated with cyber security breaches and data theft. PwC say that the amount of cover insurers offer does not come close to the potential losses seen by companies from a truly damaging cyber attack.
There is also a nervousness among insurers themselves to shoulder the risks: half of insurers in the UK do not actively pursue cyber insurance as an area of growth, believing the risk to be "borderline insurable", and those who do offer it tend to limit the amount of cover offered under each policy, according to PwC.
But with the increase in breaches and companies' subsequent losses, it seems likely that coverage will broaden over the next year or so, as no one is immune to the threat of a data breach.
Doug Laney, an analyst at Gartner, recently wrote a book (titled Infonomics: How to Monetize, Manage, and Measure Information for Competitive Advantage) that provides distinct models on how companies across all industries can review the value of their data, both in non-financial models and financial models.
Non-financial models focus on the intrinsic value, the business value and the performance value of the data. These data values can measure a company's uniqueness, accuracy, relevancy, internal efficiencies and overall impact of its usage.
Financial models focus on the cost value, the economic value and the market value of the data. These data values can measure the cost of acquiring data, administering the data internally and the value of selling or licensing a company's data.
Data as a commodity means its value will only increase, and ultimately drive new questions and conversations about how this raw material can continue to project companies to greater heights and help them gain new advantages. But as its value increases and drives a company's wealth-creation strategies, it becomes a bigger target for cyber criminals too, leading companies to seek to protect it. While insurers haven't stepped in yet, the surge of breaches in 2016 and 2017 arguably makes 2018 the year more will begin to offer insurance policies for this increasingly valuable asset.