There has been a sharp increase in the number of policyholders — mainly companies — taking out cyber insurance, which compensates losses caused by cyber-attacks.

The number of victims whose personal information was stolen last year from companies and other entities rose by more than 10 million from the previous year.

The estimated compensation paid by the affected companies also increased to nearly $2.694 billion.

“It [the spread of cyber insurance] probably indicates an increasing number of companies that now regard cyber-attacks as management risks,” a risk management expert said.

Cyber insurance mainly covers risks related to cyber-attacks. The risks include costs of compensation for damage from information theft, costs of research on possible damage, and losses from the suspension of sales activities or assembly lines.

With cyber-attacks on the rise, companies are taking out cyber insurance polices

Some cyber insurance also covers the costs for research, conducted when it is feared that companies might have come under a cyber-attack, and subsequent advertising used to apologise for effects of the attack.

In Japan, the first cyber insurance services were marketed in 2013. In 2015, major non-life insurers introduced their own cyber insurance services in succession.

The numbers of cyber insurance policies in fiscal 2016 rose from the previous period.

Mitsui Sumitomo Insurance Co. said it increased by 250 per cent; Tokio Marine & Nichido Fire Insurance Co. said it roughly tripled; AIU Insurance Co. said it increased by 50 per cent, while Sompo Japan Nipponkoa Insurance Inc. said it increased by 350 per cent in terms of premiums paid.

Behind the increase of the number of cyber insurance policies is the realisation companies have come to, recognising the sizable losses from information theft that can hamper business.

According to research by the Japan Network Security Association (JNSA), a non-profit organisation, there were 468 cases of information theft via cyber-attacks and other means last year.

Although the figure fell by 320 from the previous year, the number of victims who had personal information stolen jumped by 10.15 million to about 15.1m during the same period.

Among the top 10 cases in which personal information was stolen in bulk, eight were caused by cyber-attacks.

The estimated amount of compensation payments totalled about ¥299.4bn. The average amount per case also doubled from the previous year to about ¥674m.

The figure has been rising in recent years overall, although there were special circumstances in 2014. That year, a large volume of information was stolen from Benesse Corp., a major educational service company.

According to the National Police Agency, the number of cases of targeted attacks using emails, which contained viruses and are sent to companies, has increased for three consecutive years.

The number of those cases totalled 4,046 in 2016, up 218 from the previous year, marking the highest number since 2012.

“These days, we should consider the notion of coming under cyber-attack as just a way of life,” said Keiji Habara of Kansai University, a specialist in risk management studies. “Considering taking out insurance policies, companies have no choice but to examine ways to handle cyber-attacks from various multiple angles.”

The Yomiuri Shimbun

The Japan News/ANN

Published in Dawn, The Business and Finance Weekly, July 3rd, 2017