Insurers Creating A Consumer Ratings Service for Cybersecurity Industry

Some of the world’s biggest insurers plan to work together on an assessment of the best cybersecurity defenses available to businesses, an unusual collaboration that highlights the rising dangers posed by digital hackers.

Source: WSJ - Leslie Scism | Published on March 26, 2019

Cyberattacks pose risk to creditworthiness

The program, which is being launched Tuesday by the Marsh brokerage unit of Marsh & McLennan Cos., will evaluate cybersecurity software and technology sold to businesses. Marsh will collate scores from participating insurers, which will individually size up the offerings, and identify the products and services considered effective in reducing cyber risk. The results will be available to the public on Marsh’s U.S. website.

Corporate policyholders that use the designated offerings may qualify for improved terms and conditions on policies negotiated individually with participating insurers, Marsh said. Insurers that have agreed to participate include Allianz SE, AXA SA, Axis Capital Holdings Ltd., Beazley PLC, CFC Underwriting Ltd., Munich Re, Sompo International and Zurich Insurance Group AG, according to Marsh.

Such collaboration across the insurance industry is unusual but not unprecedented. In the 1950s, three insurance associations teamed to create the Insurance Institute for Highway Safety, a nonprofit organization dedicated to reducing deaths, injuries and property damage from motor-vehicle crashes.

Many insurers see the burgeoning cyber-risk market as a rare growth opportunity when many other insurance lines are growing sluggishly. Dozens of insurers sell cyber-risk policies, with annual premiums now tallying about $4 billion world-wide, Marsh said. Global spending on information-security products and services will likely top $120 billion this year, according to research and advisory firm Gartner Inc.

There are potential benefits for insurers in the Marsh effort. If global supply chains are well-defended with top-quality software and services, insurers may incur fewer claims from hacking disruption. A collaborative effort across many insurers has a better chance of bringing to light weak cybersecurity products that should be avoided by manufacturers in global supply chains, industry executives said.

Called “Cyber Catalyst,” the Marsh initiative will focus on offerings that address risks such as data breach, business interruption, data corruption and cyber extortion. They are expected to include technology-based products such as firewalls and encryption, tools for monitoring threats, and training and incident-response planning.

Cybersecurity vendors will apply to have their products evaluated in the Marsh program. Some 3,500 firms exist in the world-wide sector, according to Momentum Cyber, which tracks deal activity in the sector.

“Organizations want the best possible protection against fast-evolving cyber threats, but many struggle to navigate the crowded cybersecurity marketplace,” said Thomas Reagan, a senior Marsh executive.

Microsoft Corp. will be a technical adviser to the insurers, but like Marsh, won’t participate in the decision-making about the designations, Marsh said.

Business “buyers are legitimately concerned about what they can do to improve their risk profile,” said Dan Trueman, global head of cyber and technology at Axis, one of the inaugural participating insurers in the Marsh effort. “Should I buy this technology or that technology?”