TOKYO -- Major Japanese non-life insurers are expanding cyber-related policies with broader coverage and higher payout limits, seeking to boost sales as the threat of cyberattack grows.
Cyber insurance policies have largely involved equipment such as computers and servers. But insurers now look to cover devices including factory control systems and surveillance cameras as they become part of the "internet of things."
Tokio Marine & Nichido Fire Insurance, the Tokio Marine Holdings unit, added coverage to cyber policies in January for devices belonging to the internet of things, including industrial control and monitoring equipment. The insurer will reimburse companies for damage arising from leaked information or for lost profits if an attack stops production at a plant.
Sompo Japan Nipponkoa Insurance in February will begin compensating companies for operations halted by a cyberattack. The Sompo Holdings member will offer reimbursement for profits lost due to work stoppage, as well as for the costs of replacing computer equipment. The insurer likely will raise payout limits to roughly 300 million yen ($2.64 million) from 100 million yen for small- to midsize businesses as demand from them grows.
In March, Sompo Japan Nipponkoa will also debut a free service that calculates the damages a company would face in a potential cyberattack. The insurer developed the service along with U.S. company Risk Management Solutions, the U.K.'s University of Cambridge and others. It calculates risk and potential damages based on a survey of the company's security measures and use of internet of things devices.
Mitsui Sumitomo Insurance, a unit of MS&AD Insurance Group Holdings, will streamline the process of taking out cyber insurance policies starting in March. It will give individual business locations more discretion in underwriting such policies, which currently require approval from company headquarters.
The risk of cyberattack has soared in recent years. Japan's National Police Agency has set up connected devices as bait and observes attempts to hack those devices. The agency reported an average of over 2,000 daily attempts to gain unauthorized access to IoT devices as of November -- and that the number is growing rapidly.
Entities that handle private information for at least 5,000 individuals must take steps protect it by law. The law will be revised in May, lowering that threshold and affecting smaller businesses and other groups.
"People will need more protection as the threat grows to personal and small businesses," said fellow MS&AD unit Aioi Nissay Dowa Insurance.