Understanding risks within APAC's growing cyber insurance market

June 2, 2021 / 4 min read

The idea that “no man is an island” still resonates today, as our growing world is more connected and interdependent than ever before. But in the cyber universe, it’s important to also consider another reality: That no device is an island.

GettyImages-184386374_in-line

Singular breaches no longer have a strictly local impact as individuals are hyperconnected to the internet in myriad ways, from personal digital devices to appliances and vehicles. That hyperconnectivity creates digital vulnerabilities, with cybercrime on the rise globally and criminals on constant lookout for new vulnerabilities to exploit. These events can be costly and disruptive for companies as they’re forced to pay the expenses for forensics, business interruptions, liabilities, and ransomware, among other related costs.

With the increase in cyberattacks, a lack of comprehensive cybersecurity policies, and changing data protection legislation, the cyber insurance space in the Asia Pacific region could see a surge in the coming years with organizations trying to understand the risk.

Overall, Asia accounted for 25 percent of global cyberattacks, with India ranking second to Japan as per IBM’s X-Force Threat Intelligence Index 2021.¹ Compared to Europe and the United States, many Asian countries still lag in cybersecurity policy and strategies.

Asia Pacific is also becoming home to 40 percent of the world’s data centers and is expected to overtake the U.S. by 2024.² This renders these countries an attractive target for cybercriminals.

Developments in India

Compared to the other developed countries, India is at a higher risk of cyber attacks due to a large and growing number of internet users. These internet users are accessing a wide variety of online services, including banking, shopping, and social media, making them a lucrative target for criminals. Changing work patterns, with more companies permitting remote work, has also created more opportunities for cybercriminals.³

Even before remote work became mainstream, some of the technological infrastructures remained outdated in India, creating vulnerabilities. India recorded 696,000 cyber breaches between January 2020 and August 2020, a 76 percent increase over 2019, when the country reported 394,000 cyber breaches.⁴

Businesses operating in India may also face potential legislative changes to personal data protection and privacy laws. The proposed legislation, which is under review by the Indian Parliament, will ensure companies handling confidential and sensitive data have sufficient protocols to safeguard the data. The personal data protection and privacy bill is similar to the European GDPR (General Data Protection Regulation), and companies in violation would be responsible for paying a fine. Some of the significant penalized actions involve:

A company or data fiduciary failing to take prompt and appropriate action in response to a data security breach.
If the firm handling sensitive personal data fails to register themselves with designated authority.
A company that handles sensitive data failing to conduct an impact assessment or annual audit, which might carry a risk of harm to data principals.
Failing to adhere to security safeguards and have necessary steps in place to prevent misuse, unauthorized access, disclosure, or destruction of personal data.
Transfer of critical and sensitive personal data outside India in violation of the provisions mentioned.

The cyber insurance market grew in the United States from 2011 to 2015, attributed in part to new laws requiring security measures to protect against cyber risks and report serious breaches to federal authorities.⁵ When the European Union approved GDPR in 2018, gross written premiums increased by 71 percent.⁶ New laws in India advocating for cybersecurity could have a similar effect on insurance in that country.

There are similar data protection laws in Singapore, Indonesia, and Japan.⁷

Effectively managing cyber risk

Having access to a wide range of scenarios and assessing the holistic impact on the larger network is crucial to understanding the spread of cyber risk. To manage cyber risk effectively, insurers must take a proactive, rather than a reactive, approach.

Verisk’s experience helping insurers understand the impact of extreme events before they happen has helped the industry become more resilient and prepared for risks. Verisk’s Cyber Risk Navigator continues that mission. The platform includes a comprehensive set of cyber risk models quantifying exposure to cyber threats, including ransomware and data breaches. Cyber Risk Navigator allows users to manage their cyber risk better globally, enhance underwriting guidelines based on losses due to individual and aggregate cyber events, and manage portfolio tail risk within one powerful tool.

Learn more about cyber risk in the Asia Pacific region during Verisk Cyber Solutions' dedicated session "Understanding Cyber Threats and Solutions" at the 2021 AIR Asia-Pacific Conference.

Singleton, Camille, et al, “X-Force Threat Intelligence Index 2021,” IBM Security, February 2021, https://www.ibm.com/downloads/cas/M1X3B7QG, accessed on April 28, 2021.
Aurora, Sanjay, “Capital One Data Breach and Why Asia Pacific Must Rethink Cloud Security,” CDO Trends, October 28, 2019, https://www.cdotrends.com/story/14493/capital-one-data-breach-and-why-asia-pacific-must-rethink-cloud-security, accessed on April 21, 2021.
Klopp, David, “2020 Ransomware Attack Trends in Asia Pacific – Beyond the Ransom,” Kroll, November 27, 2020, https://www.kroll.com/en/insights/publications/cyber/2020-ransomware-attack-trends-asia-pacific, accessed on April 21, 2021.
Bhardwaj, Deeksha, “Nearly 7 lakh cyber attacks in 2020, IT Ministry tells Parliament,” Hindustan Times, September 22, 2020, https://www.hindustantimes.com/india-news/nearly-7-lakh-cyber-attacks-in-2020-it-ministry-tells-parliament/story-bOv6SuWSP9XxUwtF9uBTvK.html, accessed on April 28, 2021.
“The EU cyber insurance market in the run-up to GDPR implementation,” Xprimm.com, April 26, 2018, https://www.xprimm.com/The-EU-cyber-insurance-market-in-the-run-up-to-GDPR-implementation-articol-117,149-11121.htm, accessed April 21, 2021.
“Cyber Risk for Insurers – Challenges and Opportunities,” EIOPA, 2019, https://www.eiopa.europa.eu/sites/default/files/publications/reports/eiopa_cyber_risk_for_insurers_sept2019.pdf, accessed April 21, 2021.
Klopp, David, “2020 Ransomware Attack Trends in Asia Pacific – Beyond the Ransom,” Kroll, November 27, 2020, https://www.kroll.com/en/insights/publications/cyber/2020-ransomware-attack-trends-asia-pacific, accessed on April 21, 2021.

Understanding risks within Asia Pacific’s growing cyber insurance market

Developments in India

Effectively managing cyber risk