The issue of digital risk insurance is becoming increasingly relevant as part of the introduction of various digital logistics solutions into the daily life of this market segment. It is also considered on the broker training.
In the world practice, insurance of information risks in logistics plays an increasingly prominent role. Within the framework of Russian realities and the increasing digitalization of the logistics industry, this issue also poses new challenges for insurance companies and legislators.
Cyber risk insurance is relevant for almost all companies and types of transport logistics. Any company that exchanges information in an external environment can be exposed to the risk of an external attack. For example, the sender of the goods reports data on the mode of travel or the carrier to the recipient. In addition, today the industry standard is the practice of signing an application or part of documents electronically.
In general, information risk insurance is designed to protect information from hacking, damage or loss of data, in the event that these risks are not systemic. Unfortunately, such risks are characterized by many individual parameters that significantly complicate the insurance process. Insurance companies treat risks of this kind extremely cautiously and even negatively. We are talking about reputational risks or lost profits. When a shipping company or logistics center is attacked and confidential customer data is exposed to the public, this can have a very negative impact on the company’s rating, as well as the results of its future tenders. Also, insurance companies will refuse to insure lost profits, and this is exactly what digital risk is all about. Here we are talking about the leakage of information about ongoing contracts and the prices at which certain goods are supplied. Due to the appearance of such data in the hands of competitors, they will be able to intercept your contracts in the future. Preliminary assessment of the damage in such situations is almost impossible.
Today, there are no transparent schemes for calculating the damage from data loss or system hacking. The methodology dictated by judicial legislative practice is very close to the methodology for determining moral damage. Unfortunately, according to subjective estimates, the payout in such situations in our realities is always much less than real losses.
Even now, insurance companies are very reserved in offering such products. The product that is in their case is characterized by extremely lengthy wording and, as a rule, is absolutely not profitable for carriers. And although the number of such proposals from insurance companies is increasing, customers have to involve their own experts, substantiate and correct those clauses in the contracts that relate to cyber risks. And this does not exclude the occurrence of lengthy litigation, the cost of which devalues the payments received.
In order for all market participants to painlessly protect themselves from information risks, it is necessary to form a completely new section of the legislation of the Russian Federation. The very concept of information risk and what is the basis for calculating possible damage should be defined there. Formalization of this part of legal disputes will allow not engaging in a tug-of-war with the involvement of many multidirectional specialists whose opinions are opposite to each other, as is happening now, they simply do not coincide. The formalization of this part will make it possible to develop a unified expert approach and form an expert community that is able to assess the potential or actual damage from the incident.