
Cyber Insurance in China explained.

By Simon Gilbert for China Brain



The increased frequency and severity of cyber crime in several of Asia's tiger economies has dominated headlines in recent months. Statistics from the International Data Corporation (IDC) indicate that the impact of cybercrime includes hundreds of millions of people having their personal information stolen. In 2014, more than 20 million people in China were affected.



The annual cost to the global economy from cybercrime is more than $400 billion. Notably, cyber crime losses from the four largest economies in the world (US, China, Japan and Germany) reached $200 billion in 2014, according to IDC.



Whilst the Chinese insurance framework is not as advanced as those in developed markets, it is moving in the right direction and changing quickly to adapt to international norms. The challenge for insurers and reinsurers in China is the speed at which the regulatory framework is developing.






There are only two types of companies: those that have been hacked and those that will be.  Even that is merging into one category: those that have been hacked and will be again. Cyber attacks are coming thick and fast and becoming almost an inevitability for business.   It is essential that Chinese businesses proactively manage their cyber risks. 



Chinese businesses in different industries will be feeling particularly vulnerable given the increasing reliance on computer networks and connectivity of data. Recent major cyber attacks in the US and EU serve as a strong reminder of the importance of regularly reviewing cyber security arrangements. The directors of a business must ensure they understand the most recent threats and are suitably prepared in the event of an attack.






Typically, the cyber insurance industry breaks an event such as TalkTalk into three parts: Event Management, Financial Loss and Liability.



Event Management involves the internal and external expenses of managing the response to a cyber event.  Cyber insurers vary in the extent of cover provided in Event Management, but in general they recognise that providing access to third party cyber security experts can mitigate the consequences of a catastrophic event. 



This is sometimes spearheaded by a cyber response coach, an industry expert responsible for advising a business on how to handle and manage a cyber event.  Typically this will start with an investigation by third parties to establish the extent of the issue.  If card data is compromised then insurers can indemnify the costs arising from a specialist Forensic Investigator.  Consultation on how to manage legal and regulatory issues will also be covered as well as a crisis communication strategy.  Establishing a call centre to field queries and providing credit monitoring are the last elements of cover.



Financial Loss takes into account the increased operational costs and reduction in profits as a result of the attack. This is known as non-physical damage business interruption, and is typically excluded from property insurance. Should any fines and penalties be issued by regulators and industry associations (for the loss of sensitive card payment data), then cyber insurers will cover these with the proviso that they are insurable by law. Costs in managing a cyber-extortion situation — and the ransom itself — can also be covered.



Liability tends to impact some months later. Affected individuals or businesses may bring claims or written demands for failing to protect their information.  They may seek compensation for financial losses from hacking, or damages from identity theft. In cases where customers are claiming from multiple jurisdictions, cyber insurers can contribute towards defence costs and any resulting damages from multi-jurisdictional claims. 






Event Management: Incident response consultation; IT forensics (including PFI costs); IT professional services; Legal & regulatory consultation; Notification management; Crisis communications.

Financial Loss: Loss of net profits; Increased costs of working; Reputational loss; Regulatory fines & penalties; PCI Awards.

Liability: Privacy defence costs and damages; Failure to notify defence costs and damages; Hack or virus defence costs and damages; Defamation defence costs and damages; IP defence costs and damages.





Elmore research has found many Chinese businesses are running a great deal of cyber risk on their balance sheets. By effecting suitable cyber risk management, such as a robust cyber security framework, including penetration testing and effective threat detection through multi-layer monitoring, as well as suitable testing of incident response plans, many cyber attacks can be stemmed at an early stage. An incident response plan which considers not just business continuity and disaster recovery, but also easy-to-implement steps and pre-contracted responders, can make the difference between a disastrous impact on reputation and a positive outcome for the entity in question.



Written by Simon Gilbert, Managing Director, Elmore Insurance Brokers Limited. Elmore Insurance Brokers Limited is a specialist international insurance and reinsurance broker, connecting its clients to innovative and competitive capacity.



