Measuring the financial reputational harm from of cyber events may be difficult, but insurers will need to develop a product to meet the market demand for the risk, according to experts speaking during Advisen’s Cyber Risk Insights Conference, held Feb. 13 and 14 in San Francisco.
Unfortunately, the industry has far to go before being able to effectively underwrite and price reputational risk. Some strides have been made on insuring against business interruption and contingent business interruption, but reputational risk provides a different challenge.
“We’re talking about negative publicity, potentially a loss of consumer trust,” said Elissa Doroff, vice president with XL Catlin. “Is that something that can be measured in a month, two months?”
The “conceptual measurement” is the same as business interruption, according to panelist G. Scott Solomon, vice president, Charles River Associates. “What would our profits have been had a public security event not occurred?” he said. However, the impact of customers leaving – or losing customers a business never had – presents another obstacle to the equation.
The panel also agreed that any insurance product addressing reputational harm would exclude changes due to unfavorable market conditions. Interest in transferring the risk of reputational harm also varies by industry and situation. A business going through a merger or acquisition might be more interested, or industries dependent upon customer trust might find it a must, such as healthcare or law firms.
There is also the issue of data breach fatigue, with consumers less concerned about breaches than they were 10 years ago.