The digital economy has emerged as a key driver of growth and development across the world. According to Huawei and Oxford Economics, it accounted for 15.5% of global GDP in 2016 and this share is expected to increase to 24.3% by the year 2020—growing 2.5 times higher than the overall growth of the global economy.
However, along with rapidly increasing digitization, we are witnessing an exponential increase in cyber risks. These have potentially huge financial impacts that could place entire economies and societies in jeopardy. Such threats now typically include privacy breaches, cyber fraud, denial-of-service attacks, and cyber extortion. There are many examples just within the last few years. For instance, a cyber attack on Ukraine’s power grid in 2015 caused serious power outages, and in 2016, the Central Bank of Bangladesh lost $81 million in a cyber heist. That same year, more than 3.1 billion records were leaked globally.
While traditional approaches such as establishing computer emergency response teams and national cyber security agencies are important, there is a need to engage more actively with both public and private entities through new institutional structures, new technologies, and new business models. Cyber risk insurance is one tool that can help address these challenges.
Cyber insurance for a healthy cyber ecosystem
. Enabling better optimization of data in organizations, serving as a catalyst for valuating data assets, and strengthening secure data practices can contribute to a healthy data eco-system and contribute to the overall growth of the digital economy.
Currently, cyber insurance is in its infancy, but demand is increasing in the wake of recent high-profile attacks such as WannaCry and Petya. According to PricewaterhouseCoopers, cyber insurance premiums have been growing at a compound rate of 38% globally and are expected to reach $7.5 billion by 2020.
But a number of challenges inhibit the uptake of cyber risk insurance. These include the absence of good actuarial data, shifts in threat technologies, constraints in applying standard policies to specific clients, the lack of sophisticated policies and regulations, immature insurance industries, and the scarcity of high-quality technical talent. These challenges are even more evident in emerging markets and developing economies (EMDEs).
Building cyber insurance markets in developing countries
Developing countries are in particular need of robust data security frameworks. Major insurance firms, such as AIG, AON and Chubb have taken note and are exploring the future growth potential for cyber insurance in developing countries in addition to developed markets.
. They are well positioned to bring governments, insurers, academia, and capital market participants together to address common issues. Potential activities could focus on:
- Mandatory breach reporting and information sharing with different stakeholders
- Creation of platforms for sharing information on cyber threats and breaches
- Promoting the standardization of cyber insurance policies
- Supporting programs to develop relevant technical skills
Stimulation of competitive private insurance markets is another area where MDBs can contribute, for example, by attracting private sector investment through Public-Private Partnerships, offering guarantees for cyber reinsurance, or providing post-disaster loans and grants to companies in fragile countries with little capacity to buy insurance. They can also help develop insurance-linked securities markets (ILS) for competing with the cyber reinsurance market, which would contribute to local capital market development. An example of an ILS structure is shown here:
A possible cyber reinsurance PPP structure and collaboration with the World Bank Group
Collaboration with the World Bank Group—including the Infrastructure, PPPs and Guarantees Group and the International Finance Corporation—could help governments develop robust partnerships with the private sector. This would fit in well with its Maximizing Finance for Development (MFD) initiative by drawing on private sector funding and expertise to solve development issues. World Bank Guarantees, catastrophe-deferred drawdown option loans, and credit enhancement products from the Multilateral Investment Guarantee Agency (MIGA) could help crowd-in private insurance companies to the market.
The World Bank Group could also help attract the financing of cyber insurance by supporting PPP transactions, as shown below:
. Key stakeholders, including policyholders, security tech companies, governments, and insurers, with support from the World Bank Group and other MDBs, can implement cyber risk insurance and reinsurance programs to enhance cyber security capabilities and management systems, contributing to more engaged and agile government policies, and thereby stimulating economic development.
Bringing cyber risk reinsurance into the PPP discussion is a result of the partnership between the World Bank and the Hanwha Group, a leading Korean conglomerate, through the World Bank Group’s Global Secondment Program. Secondees enhance their skills, share knowledge, build strategic alliances, and promote cultural exchange and diversification to contribute to the Bank’s work.