Cyber Insurance in Indonesia (Updated)

Dear Insurance providers in Indonesia,


Try finding a policy here is a long, hard process.

Here are the basics of any Cyber policy

Typical Cyber coverage includes:

A. Third Party Liability

1. Privacy and Data Breach Cover

2. Network Security Claims Cover

3. Media Liability Claims Cover

4. Regulatory Costs and Fines Cover

B. First Party Business Interruption and Crime

5. Hacker Theft Cover

6. Business Interruption and Restoration Costs Cover

7. Cyber Extortion Cover

C. Services

8. Crisis Communication Cover

9. Consultant Services Cover

Deductible/ Retention: USD or IDR XXX each and every claim

Business Interruption waiting period :XXX hours per event

Extensions: – E-Payment/Contractual Penalties – Sub-limit USDor IDR XXX

– Regulatory Costs and Fines Cover – Sub-limit USD or IDR XX

– Business Interruption Loss and Restoration Costs Cover – Sub-limit


– Hacking Theft Cover – Sub-limit USD XXX

– Cyber Extortion – Sub-limit USD XXX

– Crisis Communication Cover – Sub-limit USDxxx

– Consultant Services Cover – Sub-limit USD xxx

Now why is it so hard to find cover in Indonesia?

First, insurers do not have a large data sample to pool funds and collect information.

Secondly, it is hard to measure actual loss versus fraud loss

Thirdly,  the market is not mature.

How do we assist insurers with these issues:

1. Let us form a consortium of companies requiring Cyber Coverage

2. Work with OJK (the Financial Services Authority in Indonesia OJK Insurance information

3. Collaborate with the Association Indonesian Internet Service Providers   APJII

4. Work with legal resources to form the basic forms and methods of cover  PERADI

5. Collaborate with E-Commerce companies, ATM Switching companies, Banks and other financial institutions

6.  Educate insurers on the need for providing cover and the potential market size (coaching, mentoring)

Together, we can find a solution.


Insurers struggle to get grip on burgeoning cyber risk market

Insurers struggle to get grip on burgeoning cyber risk market

PARIS/BOSTON Mon Jul 14, 2014 1:10am EDT

A lock icon, signifying an encrypted Internet connection, is seen on an Internet Explorer browser in a photo illustration in Paris April 15, 2014.  REUTERS/Mal Langsdon

A lock icon, signifying an encrypted Internet connection, is seen on an Internet Explorer browser in a photo illustration in Paris April 15, 2014.



(Reuters) – Insurers are eagerly eyeing exponential growth in the tiny cyber coverage market but their lack of experience and skills handling hackers and data breaches may keep their ambitions in check.

High profile cases of hackers seizing sensitive customer data from companies, such as U.S. retailer Target Corp or e-commerce company eBay Inc, have executives checking their insurance policies.

Increasingly, corporate risk managers are seeing insurance against cyber crime as necessary budget spending rather than just nice to have.

The insurance broking arm of Marsh & McLennan Companies estimates the U.S cyber insurance market was worth $1 billion last year in gross written premiums and could reach as much as $2 billion this year. The European market is currently a fraction of that, at around $150 million, but is growing by 50 to 100 percent annually, according to Marsh.

Those numbers represent a sliver of the overall insurance market, which is growing at a far more sluggish rate. Premiums are set to grow only 2.8 percent this year in inflation-adjusted terms, according to Munich Re, the world’s biggest reinsurer.

The European cyber coverage market could get a big boost from draft EU data protection rules in the works that would force companies to disclose breaches of customer data to them.

“Companies have become aware that the risk of being hacked is unavoidable,” said Andreas Schlayer, responsible for cyber risk insurance at Munich Re. “People are now more aware that hackers can attack and do great damage to central infrastructure, for example in the energy sector.”

Insurers, which have more experience handling risks like hurricanes and fires, are now rushing to gain expertise in cyber technology.

“It is a difficult risk to price by traditional insurance methods as there currently is not statistically significant actuarial data available,” said Robert Parisi, head of cyber products at insurance brokers Marsh.

Andrew Braunbergon, research director at U.S. cybersecurity advisory company NSS Labs, said that some energy companies have trouble persuading insurers to provide them with cyber coverage as the industry is vulnerable to hacking attacks that could trigger disasters like an explosion in a worst-case scenario.

Pricing on policies for retailers has climbed in the wake of recent high-profile breaches at Target, Neiman Marcus, and other merchants, he added.



Though still very much in its infancy, the market’s potential is vast with cyber crime costing the global economy about $445 billion every year, according to an estimate last month from the Washington-based Center for Strategic and International Studies.

While many companies have in the past counted on their general commercial liability policies for coverage, they are increasingly taking out standalone contracts.

One reason for the change in attitude is a New York state court ruling in February against Sony Corp. The company, which has appealed the decision, had sought to force providers of its general commercial liability insurance to foot the bill for class action lawsuits following a major 2011 cyber attack on Sony PlayStation Network.

“This issue with Sony is that it did not have a standalone cyber product,” said Peter Beshar, general counsel at the Marsh & McLennan Companies.

Target was better protected when some 40 million payment card numbers were stolen last year. It had $100 million in cyber insurance, according to the trade publication Business Insurance.

With low interest rates limiting revenues from insurers’ vast bond portfolios, the extra underwriting income from the fast growing new market is all the more welcome.

The cost of cyber insurance varies depending, but on average $1 million in protection ranges from about $20,000 to $25,000, according to Beshar.

German insurance giant Allianz says its premiums for 10-50 million euros in protection run about 50,000-90,000 euros in annual premiums. For protection of over 50 million euros, companies can get coverage up to 300 million euros through co-insurance policies involving multiple underwriters.

Whether insurers are offering coverage at prices commensurate with the risks is anyone’s guess as long as underwriters have scant experience with hackers.



AXA, Europe’s second biggest insurer, is making a big push into the cyber insurance market, but has so far not paid out a single business claim.

“I would like to see a successful claim, because that would be an experience,” said Philippe Derieux, deputy CEO of AXA’s global property and causality business.

AXA is hiring computer experts and engineers to build up a centralized cyber team, but Derieux said there is a shortage of qualified talent.

“It is hard for insurers and brokers to find people able to handle the product,” Munich Re’s Schlayer said.

That lack of expertise means insurers are failing to identify high-risk clients, because they are not undertaking sufficiently rigorous security evaluations before writing cyber policies, said Bryan Rose, managing director with Stroz Friedberg, a firm that investigates cyber attacks.

This leaves the insurers vulnerable to underpricing their policies.

They often simply ask clients to fill out limited questionnaires that asking whether they have proper security procedures in place, rather than conducting thorough security audits, Rose said.

“There’s a real risk that insurance companies are not appropriately pricing the risk,” Rose said.


(Additional reporting by Jonathan Gould in Frankfurt and Chris Vellacot in London; Editing by Frances Kerry)


Uber Expands Its Insurance for a Future Where Private Cars Are Public Transit

Uber Expands Its Insurance for a Future Where Private Cars Are Public Transit

Uber Expands Its Insurance for a Future Where Private Cars Are Public Transit


Photo: Uber

Photo: Uber

The world appears to be moving towards a future where private vehicles double as public transportation. But the road along the way is far from smooth.

The latest evidence: an announcement this morning from San Francisco ride-sharing startup Uber that it’s expanding insurance coverage for the drivers that make its service go. The company — a poster child of the “sharing economy,” though the company shuns the term — is expanding insurance plans to cover drivers who are running Uber’s app in their personal vehicles but aren’t carrying passengers at the time of an accident. The decision stems from the case of a little girl struck and killed by an Uber driver New Year’s Eve in San Francisco. Because the driver wasn’t carrying a passenger, the girl’s death wasn’t covered under Uber’s insurance policy.

The new policy would provide some coverage as long as a driver for the company’s Uber X service has the app open. The issue is complicated because, as in the case of 6-year-old Sofia Liu’s death, drivers for the company’s Uber X service use their own cars. It might seem obvious that if you’re hit by a yellow taxi, both the driver and the taxi company are liable. But in the gray area of Uber X cars — which are owned by their drivers but are used in work for the company — insurers, regulators, and ride-sharing startups are far from a consensus on who should cover what.

Uber says it’s trying to provide some clarity. And it’s not alone. In a sign of how pressing the “insurance gap” issue has become — and how competitive the race is between ride-sharing startups — the company’s pink-mustached rival Lyft has announced a similar expansion of its insurance coverage. The question is whether these new policies will mollify critics and regulators — and whether companies like Uber and Lyft can profitably run their operations as insurance costs continue to rise.


Uber has always positioned itself as an app-based platform for ride-sharing, not a transportation company, and that has fueled some of the uncertainty around the insurance issue. The company vets drivers before allowing them on its system, and drivers carrying passengers are covered by a $1 million liability policy when they’re working for the company. But just having the Uber app open creates an ambiguous situation. Maybe drivers are actively looking for a fare — which looks a lot like working for Uber. But maybe they’re just checking in to see how busy it is that day. Or perhaps they just keep it open all the time in case they feel like accepting a fare every now and then, even if they’re really on the road just to go to the grocery store.

An attorney for Sofia Liu’s family argued in a wrongful death lawsuit that because the driver in her death had the app open — his attorney says he was actively looking for a fare — he was on the clock for Uber. “Regardless of whether a driver actually has a user in their car, is on their way to a user who has engaged the driver through the app, or simply is logged on to the app as an available driver, Uber derives an economic benefit from having drivers registered on the service,” the suit says.

With its new policy, Uber seems to be splitting the difference. According to the company, its new policy kicks in up to $100,000 in coverage for injuries if a driver’s personal insurance declines the claim. (Uber says that in the case of Sofia Liu’s death, the driver’s insurance company has offered to cover up to the maximum of his plan.) Uber’s “insurance gap” coverage is not as much as the million-dollar policy for cars carrying passengers, but it seems to be Uber’s way of ensuring some level of coverage without making Uber X — the company’s cheapest option — prohibitively expensive.

“The bottom line is that the drivers who use our app and the riders and communities we serve should have the confidence that any potential ‘insurance gap’ is covered with a safety net as governments and insurance companies work out the details of ridesharing in their cities and state,” the company says.

The new plan may help solve this particular controversy, or not. Even if it does, many other issues loom on the horizon. In many of those cities and states, policy makers are questioning whether Uber and similar services should be legal at all. Until that basic question is answered, the ostensibly simple act of sharing a ride is only going to get more complicated.

Marcus Wohlsen

Marcus Wohlsen is a staff writer for Wired Business and the author of Biopunk: DIY Scientists Hack the Software of Life

Read more by Marcus Wohlsen

Follow @marcuswohlsen and @wired_business on Twitter