Cyber risks are potentially catastrophic and insurers should be wary about expanding the coverage they offer, a panel of experts said.

The systemic nature of cyber risk means that insurance can be only part of the solution, so organizations should apply enterprise risk management techniques to address the exposure, they said.

Currently, cyber insurance products have a limited scope and often are limited to covering named risks, such as breach response costs. However, there is demand from commercial buyers for more comprehensive coverage. But insurers should not rush to meet those demands, said Peter Hacker, a global advisory executive at Distinction Global, a unit of the Cybercrime Research Institute G.m.b.H. in Cologne, Germany.

“Before we can run, we should start walking first. We should first start investing more time to understand better the threat itself before talk about new products,” he said Wednesday during a session of the Global Insurance Forum in Singapore, which is organized by the International Insurance Society.

Technology, such as the internet of things, is developing at a rapid pace, and insurers need to better understand the risks before offering coverage, Mr. Hacker said.

“We are running the risk that we believe that we have to create new revenue streams and potentially ignore the risk that we are confronting — a risk that’s systemic and could potentially wipe out an insurer,” he said.

By Gavin Souter

See full story at www.businessinsurance.com