Insurers to support cyber risk management

November 2021

Mr Lawrence Wong, Minister for Finance and Deputy Chairman of the Monetary Authority of Singapore (“MAS”), has emphasised in his speech at the Singapore International Reinsurance Conference 2021, the need for the insurance industry to work closely with the cyber security industry and policymakers, to better assess and quantify cyber risk and to formulate risk insights in line with evolving digital technologies and developments, creating more reasonably priced solutions with proper coverage for firms. 

Mr Wong noted that cyber risk had increased with the growth of the digital economy. Asia is vulnerable, and the region alone has accounted for over a quarter of global cyber-attacks in 2021. The costs of cyber breaches are staggering, as such cyber-attacks not only damage a firm’s technology assets, but also cause financial and reputational losses, constraining future business growth. Cyber insurance therefore forms a part of a holistic cyber risk management strategy. Apart from managing the financial impact of cyber incidents, many cyber insurance policies provide access to a panel of experts to support with forensics, repair and recovery of IT systems, and stakeholder management. Cyber insurers, as part of their underwriting process, also assess the client’s cyber security posture and incentivise firms with stronger risk management practices with better coverage and more affordable premiums.

Importantly, several cyber insurers in the market are customising solutions, combining cyber risk capacity building, risk assessment and financing, for SMEs, which are an under-served segment in the cyber insurance market. Insurers are also partnering policymakers in assessing their clients’ cyber risk. For example, QBE Insurance Singapore, Delta Insurance, Pandamatics Underwriting, and Beazley have incorporated the Data Protection Trustmark (“DPTM”) as part of their cyber insurance underwriting process to assess whether their client has sound and responsible data protection practices. The DPTM was launched by the Personal Data Protection Commission in collaboration with the Infocomm Media Development Authority. DPTM provides third-party validation and assures organisations that they have robust data protection policies in place. Such trustmark-certified organisations would also enjoy faster application processing and premium discounts for cyber insurance.