The number of policyholders, mainly companies, taking out cyber insurance has had a sharp increase.
Cyber insurance compensates for losses caused by cyber attacks and mainly covers risks relating to cyber attacks. These risks include; costs of compensation for damage from information theft, costs of research on possible damage and losses from the suspension of sales activities or assembly lines. Some cyber insurance also covers the costs for research conducted when it is feared that companies might have come under a cyber attack, and subsequent advertising used to apologise for the effects of the attack.
In 2016 it was identified that the number of victims with personal information stolen, from companies and other entities rose by more than 10 million from the previous year along with the estimated compensation paid by the affected companies increasing to nearly 300 billion yen (S$3.74 billion).
"It [the spread of cyber insurance] probably indicates an increasing number of companies that now regard cyber attacks as management risks," a risk management expert said.
In Japan, the first cyber insurance services were marketed in 2013. In 2015, major non-life insurers introduced their own cyber insurance services in succession.
The number of cyber insurance policies in fiscal 2016 rose from the previous period. Mitsui Sumitomo Insurance Co said it increased by 250 per cent; Tokio Marine & Nichido Fire Insurance Co said it roughly tripled; AIU Insurance Co said it increased by 50 per cent, while Sompo Japan Nipponkoa Insurance Inc. said it increased by 350 per cent in terms of premiums paid.
Behind the rising demand for cyber insurance is companies' fear of sizeable losses from information theft.
According to research by the Japan Network Security Association (JNSA), a non-profit organisation, there were 468 cases of information theft via cyber attacks and other means in 2016.
Although the figure fell by 320 from the previous year, the number of victims who had personal information stolen increased by 10.15 million to about 15.1 million during the same period.
Among the top 10 cases in which personal information was stolen in bulk, eight were caused by cyber attacks.
The estimated amount of compensation payments totalled about 299.4 billion yen. The average amount per case also doubled from the previous year to about 674 million yen.
Overall, the figure has been increasing in recent years although there were special circumstances in 2014, where a large volume of information was stolen from Benesse Corp, a major educational service company.
According to the National Police Agency, the number of cases of targeted attacks using e-mails, which contained viruses and are sent to companies, has increased for three consecutive years.
The number of those cases totalled 4,046 in 2016, up 218 from the previous year, marking the highest number of cases since 2012.
"These days, we should consider the notion of coming under cyber attack as just a way of life," said Professor Keiji Habara of Kansai University, a specialist in risk management studies.
"Considering taking out insurance policies, companies have no choice but to examine ways to handle cyber attacks from various multiple angles."
