Aon reports that 60 percent of larger companies and 45 percent of smaller companies across industries do not purchase cyber insurance. Why? Its study cited the lack of capacity for large companies, a dearth of certain coverage options, pricing and claims payment uncertainties as possible reasons for the slow uptake.

Insurance industry response is lacking

The great demand for cyber insurance, fueled by an explosion in the frequency and severity of cyber incidents, has not been met with sufficient or customer-segment-specific supply of risk-transfer solutions.

In addition, the industry is grappling with myriad challenges:

• Minimal industry premium, exposure and loss data
• Low-risk awareness among consumers and businesses
• Novelty of the cyber insurance market and its rapid growth in the past 15 years
• Severe shortage of talent in the underwriting, forms-drafting and actuarial space
• Catastrophic potential of losses due to accumulation and systemic risk (for example, power grid hack)
• Low degree of price differentiation across risks, which indicates a lack of data needed to underwrite accurately
• Insufficient customer acquisition and underwriting process differentiation between small, medium and large customers.

Those challenges have heightened the need for insurers and reinsurers to:

• Manage accumulation and catastrophic exposures
• Maintain adequate regulatory and rating agency solvency requirements
• Benchmark across portfolios, customer segments, industries and territories
• Gather statistically relevant data to assess, differentiate and price risks with more precision
• Operate more efficiently across, and underwrite to, multiple customer segments.

Related: More cyber liability education needed industrywide

Data sharing and policy standardization will address cyber catastrophic loss potential. (Photo: Shutterstock)

Moving forward

Disciplined growth of the admitted and excess and surplus cyber insurance market largely depends on two enablers:

1. Data standardization, collection and sharing

2. Policy form standardization and innovation.

Insurers require better collection, aggregation and sharing of cyber insurance premium, loss and exposure data to meet the need for more detailed and accurate risk assessment and pricing. Setting data standards helps create a uniform method for effective and efficient data collection and transfer across the insurance value chain.

In addition to implementing a global cyber exposure data standard, storing the necessary cyber exposure data in an open format suitable for modeling and using open source cyber risk scenarios to assess risk exposures will likely help the industry better manage the cyber risk.

The sharing of data among insurers is critical to better assess and price risks. The absence of shared data will likely result in insurers operating at a competitive disadvantage.

Policy form standardization and innovation

A reliable and standardized policy form is needed to spur economic activity, especially in the financial services industry, where risks and products are traded (mortgages, credit cards, insurance and reinsurance contracts, bonds, stocks and the like).

The case for policy form standardization is particularly strong in new and fast-growing markets such as cyber insurance. Standardization is especially important for addressing the cyber catastrophic loss potential, where risks are traded between insureds, insurers, reinsurers, retrocession firms and capital markets. This need is heightened even further when we overlay supply chain risks, contingent business interruption, and the systemic risk nature of cyber-related incidents and losses. The potential for coverage disputes and ensuing costly and lengthy litigation is massive.

Related: Insurers face several challenges when it comes to innovation

Standardized policy form wording also serves as a launch pad by which companies can innovate their proprietary products and solution offerings — helping to accelerate their entry into the marketplace with more confidence, speed and efficiency.

So why hasn't cyber insurance become a staple of the insurance industry?

The good news is the question is beginning to answer itself. The need for cyber insurance to help mitigate cyber risk exposures is clear, and the cyber insurance market has begun turning to data standardization, policy form uniformity, more extensive data collection, and proper risk segmentation and enhanced pricing information  to meet the rapidly growing demand for protection.

Maroun Mourad is senior vice president, commercial lines domestic and global, at ISO, a Verisk Analytics business. He is author of "The Insurance Management Playbook: A Leader's Guide." Contact him on Twitter @MarounMourad. Opinions expressed in this article are the author's own.