The increasing pace of digitisation, rapid proliferation of data-collecting devices, and fast adoption of innovative technologies are adding strong momentum to emerging Asia’s productivity and economic growth. However, the risk of cybercrime is also on the rise. Cybercrime encompasses a broad spectrum of illicit activities from cyberbullying to identity theft and commercialised privacy.
A study by Peak Re shows that many emerging Asia consumers have experienced cybercrimes themselves. Personal experiences and heightened risk awareness are adding up to an increasing acceptance of personal cyber insurance products.
Expanded scope and complexity
The scope of cybercrime has evolved over the past decade from crimes against computers and information systems to encompass a much broader spectrum of illicit activities. The widening scope and scale of cybercrime renders a formal categorisation almost impossible. The common activities include botnets, identity theft, cyberstalking and cyberbullying, phishing, internet fraud and ransomware attacks.
According to one estimate by Cybersecurity Ventures, cybercrime is predicted to inflict total economic losses of $8 trillion globally in 2023 (equivalent to $255,000 a second, or $21.9 billion a day). Losses are projected to trend on a steeply rising trajectory, reaching $10.5 trillion annually by 2025.
Asia is particularly vulnerable to cybercrime due to its fast digitisation and increasing reliance on mobile technologies. Some markets are facing the challenge of having security infrastructure in place or updated to match the fast-evolving tech landscape. It wasn’t too long ago that the term “cyber five” was coined to denote the vulnerability of Singapore, Australia, Japan, New Zealand and South Korea to cyber attacks due to their heavy reliance on technology.
A limited range of mostly corporate cyber insurance products is available in the Asia marketplace, but there are no reliable figures on the size of the market. Best estimates suggest the premium pool is likely to be within $500 million given the high level of under- and noninsurance of cyber risks in Asia. In particular, the lack of mandatory notification and other cultural factors highlight the need for transparency in the market.
The consumer experience
To better understand the prevalence of cyber attacks and awareness of cybersecurity issues, Peak Re conducted a large consumer survey covering five emerging Asian markets in July/August 2023. The five markets are India, Indonesia, Malaysia, the Philippines and Thailand. Samples are selected based on household income to focus on the “middle-class”.
The full report, covering a range of key insurance topics, including mental wellness, critical illness, and cybersecurity, will be available on Peak Re’s website in November 2023.
Below are some of the key findings
- Cybercrimes that respondents are most aware of include social hacking, identity theft, phishing scams, and hacking. This pattern is consistent across markets, and awareness averaged around 60 percent. That means a sizeable 40 percent is either uncertain or unaware of many cybercrimes.
- The same is true for awareness of risky behaviours. While around 70 percent are aware that using free WiFi in public areas can create cybersecurity risks, less than 40 percent regard “not updating apps and software” as a factor that carries a risk (Figure 1). Similarly, 44 percent of respondents reported connecting to WiFi without any additional protective measures such as using a trusted virtual private network or a security app.
- Around a third of respondents reported experience with one of the following five cybersecurity issues: cyberbullying, hacking, malware infections, phishing scams and identity theft. The incidence rate (based on having experienced any of these five cybersecurity issues) is particularly higher in India, followed by the Philippines and Thailand (Figure 2).
- Respondents are mainly concerned about financial losses from cybercrime. Emotional distress is also a significant concern in cases of cyberbullying and identity theft. Other concerns include disruption to daily life and impacts on personal credit ratings.
- The average financial losses reported by respondents ranged from around $200 in Thailand to around $550 in Malaysia and India. There is also a wide dispersion of losses, with around one-fifth claiming their financial losses to be “severe”. Follow-up actions such as reporting to the authorities and relevant financial institutions rarely led to a full recovery.
- On average, individuals are ready to pay around $40 for insurance protection against cyber threats. Those who have experienced cybercrimes before are noticeably more eager to pay.
See charts below
Given the multiple entry points available to cyber criminals nowadays, the risk increases exponentially. Victims of cybercrimes could face significant financial losses and possible legal fees for lawsuits, as well as emotional distress. Value-added services are increasingly being provided by insurers, including access to fraud specialists, active cyber monitoring, lawsuit protection, and replacing or restoring lost data and documents.
The availability of insurance covers and additional services varies widely between markets and is observed to be at only a nascent stage in most emerging Asian countries. Nonetheless, given the high prevalence of cybercrimes and a lack of redress mechanisms, the outlook for personal cyber insurance in emerging Asia remains promising.
Insurance is an important piece of the puzzle to untangle cybersecurity risks, but mitigation measures remain of utmost importance. Consumers can reduce their risk exposures by adopting some sensible measures, such as installing anti-virus software or refraining from connecting to public WiFi. Adherence to some robust cybersecurity protocols, such as having the latest updates and regular backup, would go a long way to reducing the risk of falling victim to cybercrimes.
Conclusions
Many factors will help to drive and define the future of the cyber insurance market in Asia. These include the standardisation of products, improving legal certainty of cyber exposure and the development of tailored cyber insurance models. Further efforts are still needed to overcome other challenges such as the lack of a sufficiently long history of claims data and the identification of fast-evolving threat vectors, agents and actors.
At the same time, the advance of generative artificial intelligence (gen-AI) is heralding a new era of innovation, but the accompanying cybersecurity threats are equally daunting. An early concern is data privacy, although this has largely been eclipsed by more severe considerations such as hackers bypassing a gen-AI’s safety system and taking control of it. This could result in “model manipulation and poisoning”, while other threats include the creation of advanced phishing emails or messages, adversarial attacks, deep fakes, and synthetic media.
While technological advancements are vital to societal advances and economic growth, the realm of potential risks is distinct and large. Managing these risks will require a multi-stakeholder approach to risk identification, financing and mitigation.
About Peak Re
Peak Reinsurance Company Limited is a Hong Kong-based global reinsurance company. Since commencing operations in 2012, the company has grown to rank 27th among international reinsurance groups by S&P in 2022 in terms of net reinsurance premiums written. Peak Re is rated ‘A-’ by AM Best and offers property & casualty and life & health reinsurance.
Our mission is to modernise reinsurance while supporting the protection needs of the emerging middle classes of emerging Asia and beyond. Our vision is to “be the most valued reinsurer of our clients”. On average, we pay 88 percent of claims within five days. The speed and accuracy of claims payments are critical to safeguarding households and businesses from severe financial strain.
Our strategy for the coming years is to strengthen our footprint in emerging Asia, our home, and selectively expand into other emerging regions, to support the rising middle-income class. Since inception, we have developed a balanced and diversified portfolio by line of business and geography, providing clients with innovative and tailored reinsurance, risk management and capital management solutions.
Did you get value from this story? Sign up to our free daily newsletters and get stories like this sent straight to your inbox.
Peak Re, Piotr Nowakowski, Cyber Insurance, Cybercrime, Insurance, Reinsurance, Global