Kim Heonsu, President of the Korea Institute of Insurance Research: "Cyber Insurance Needs Systematic Risk Assessment, Underwriting, and Management Frameworks"

It has been found that information technology (IT) security incidents have increased by an average of 37% per year. This is because companies do not recognize IT incidents as a management issue that should be addressed through insurance, and existing systems are inadequate. Experts argue that in order to comprehensively analyze factors such as whether companies have cyber insurance, a systematic framework for risk assessment, underwriting, and management must be established.

At the Korea Economic Association Conference Center in Yeouido, Seoul on the 19th, an international seminar titled "Normalization of Cyber Risks, Challenges and Response Strategies of the Insurance Industry," jointly hosted by the Korea Insurance Research Institute, Representative Yoo Dongsoo of the Democratic Party, and Pohang University of Science and Technology, took place. Presenters including Heonsu Kim, President of the Korea Insurance Research Institute (fifth from left), and Representative Yoo (sixth from left) are posing for a commemorative photo. Photo by Chae-seok Moon

View original image

The Korea Insurance Research Institute announced on March 19 that it co-hosted an international seminar titled "Normalization of Cyber Risks, Challenges and Response Strategies of the Insurance Industry" at the Korea Economic Association Conference Center in Yeouido, Seoul, together with Representative Yoo Dongsoo of the National Assembly's Political Affairs Committee of the Democratic Party and Pohang University of Science and Technology. Over 110 insurance industry professionals attended the event.

Heonsu Kim, President of the Korea Insurance Research Institute, stated, "The core challenge for cyber insurance lies in establishing a system that can assess, underwrite, and manage increasingly unpredictable risks within the market." He emphasized, "For the stable growth of the domestic cyber insurance market, it is essential to enhance risk assessment capabilities, build trust in coverage structures, link with incident response systems, and improve the institutional foundation through multifaceted discussions."

Jaehee Son, Head of the Consumer Digital Research Lab at the Korea Insurance Research Institute, argued in a presentation titled "Current Status and Challenges of the Domestic Cyber Insurance Market" that "it is necessary to introduce a behavioral incentive model to raise the level of risk awareness about IT incidents among companies."

According to Son, the number of security incidents reported to the Korea Internet & Security Agency (KISA) last year was 2,383, increasing at an average annual rate of 36.6%. While the global cyber insurance market has grown to approximately 15.3 billion dollars (about 23 trillion won) as of 2024, the domestic market, even including all cyber-related insurance products, amounts to only about 40 million dollars (about 6 billion won).

She diagnosed that the small size of the domestic cyber insurance market is due to insufficient demand (from affected companies) and supply (from insurers). Cyber risks are difficult to estimate in terms of probability and expected loss, and tend to occur simultaneously and in connection with other incidents. Both companies and other victims have low awareness of these risks and a limited recognition of the need for insurance.

Insurance companies approach the process of covering complex incidents from a conservative perspective, resulting in: ▲ increased insurance premium rates ▲ reduced underwriting limits ▲ expanded exclusions or conditional coverage ▲ strengthened screening and review. These factors contribute to the low penetration and perceived value of cyber insurance within the insurance market. A lack of standardization and insufficient risk-related data infrastructure makes it difficult to mitigate uncertainty for insurers.

Son insisted that, above all, a behavioral incentive model should be introduced to enhance companies' low awareness of risk, and that standardization and risk data infrastructure must be established. She emphasized the need to improve product design and service provision so that consumers can better recognize the value of insurance.

She suggested that, beyond simply providing education, companies should be encouraged to voluntarily recognize IT risks by introducing a model that combines lightweight certification systems with insurance.

In addition, she advised that, in order to increase the possibility of insurance coverage for cyber risks, data on incident classification, loss, and claims should be standardized and used for underwriting (insurance screening). She also called for the establishment of a data infrastructure that enables comprehensive analysis of companies' control levels, incident histories, and insurance coverage status.

Hot Picks Today

"Rather Than Endure a 1.5 Million KRW Stipend, I'd Rather Earn 500 Million in the U.S." Top Talent from SNU and KAIST Are Leaving [Scientists Are Disappearing] ①

• "No Cure Available, Spread Accelerates... Already 105 Dead, American Infected"
• Brilliant Korean Technology Flows Overseas... Subsidies Granted, but "No Product Launch Allowed"
• "Reporters Who First Revealed Jo Jinwoong's Juvenile Offense History Cleared of Juvenile Act Violation"
• Instead of a National Assembly Profile, Now a 'Carpenter'... Ryu Hojung Says "I Couldn't Do a Body Profile Shoot Twice"

Son stated, "It is necessary to provide services that enhance companies' cyber response capabilities by connecting legal, forensic, and notification support in the event of an actual incident, so that policyholders can experience tangible value that goes beyond simple compensation for damages."

© The Asia Business Daily(www.asiae.co.kr). All rights reserved.