Japan sees surge in demand for cyber insurance as attacks increase

A cyber-defence class in the "War Room" at Korea University in Seoul, where dozens of South Korea's brightest college students practise hacking each other as part of a government scheme to train them to battle some of the world's best hackers.
A cyber-defence class in the "War Room" at Korea University in Seoul, where dozens of South Korea's brightest college students practise hacking each other as part of a government scheme to train them to battle some of the world's best hackers.PHOTO: BLOOMBERG

TOKYO (Yomiuri Shimbun/Asia News Network) - There has been a sharp increase in the number of policyholders - mainly companies - taking out cyber insurance, which compensates losses caused by cyber attacks.

The number of victims whose personal information was stolen last year from companies and other entities rose by more than 10 million from the previous year.

The estimated compensation paid by the affected companies also increased to nearly 300 billion yen (S$3.74 billion).

"It [the spread of cyber insurance] probably indicates an increasing number of companies that now regard cyber attacks as management risks," a risk management expert said.

Cyber insurance mainly covers risks related to cyber attacks. The risks include costs of compensation for damage from information theft, costs of research on possible damage, and losses from the suspension of sales activities or assembly lines.

Some cyber insurance also covers the costs for research, conducted when it is feared that companies might have come under a cyber attack, and subsequent advertising used to apologise for effects of the attack.

In Japan, the first cyber insurance services were marketed in 2013. In 2015, major non-life insurers introduced their own cyber insurance services in succession.

The number of cyber insurance policies in fiscal 2016 rose from the previous period. Mitsui Sumitomo Insurance Co said it increased by 250 per cent; Tokio Marine & Nichido Fire Insurance Co said it roughly tripled; AIU Insurance Co said it increased by 50 per cent, while Sompo Japan Nipponkoa Insurance Inc  said it increased by 350 per cent in terms of premiums paid.

Behind the rising demand for cyber insurance is companies' fear of sizeable losses from information theft.

According to research by the Japan Network Security Association (JNSA), a non-profit organisation, there were 468 cases of information theft via cyber attacks and other means last year.

Although the figure fell by 320 from the previous year, the number of victims who had personal information stolen jumped by 10.15 million to about 15.1 million during the same period.

Among the top 10 cases in which personal information was stolen in bulk, eight were caused by cyber attacks.

The estimated amount of compensation payments totalled about 299.4 billion yen. The average amount per case also doubled from the previous year to about 674 million yen.

The figure has been rising in recent years overall, although there were special circumstances in 2014. That year, a large volume of information was stolen from Benesse Corp, a major educational service company.

According to the National Police Agency, the number of cases of targeted attacks using e-mails, which contained viruses and are sent to companies, has increased for three consecutive years.

The number of those cases totalled 4,046 in 2016, up 218 from the previous year, marking the highest number since 2012.

"These days, we should consider the notion of coming under cyber attack as just a way of life," said Professor Keiji Habara of Kansai University, a specialist in risk management studies.

"Considering taking out insurance policies, companies have no choice but to examine ways to handle cyber attacks from various multiple angles."