Cyber insurance market to grow by 20% every year till 2023
31 May 2018
New research has revealed that as many cyber insurance claims were filed globally in 2017 as in the previous four years combined, and that the arrival of GDPR will ensure a fresh surge in cyber insurance claims to cover the costs of data breaches and other security incidents.
AIG’s new report, titled “Cyber insurance claims: Ransomware disrupts business”, has revealed that, thanks to the availability of cyber insurance policies, organisations that have suffered security breaches will be more inclined to report such breaches so as to recover the cost to their operations.
Ransomware the main cause of cyber insurance claims
The report also revealed that ransomware attacks were the principal factor behind insurance claims in 2017, accounting for 26 percent of all claims, up from a mere 16 percent in the four years between 2013 and 2016. While data breaches due to cyber attacks accounted for 12 percent of all claims, 11 percent of claims mentioned unauthorised access and security failure as principal reasons.
“The combination of leaked National Security Agency tools plus state-sponsored capabilities triggered a systemic event. The WannaCry outbreak, which hit hundreds of thousands of machines around the world, could have been worse in terms of scale and insured losses if a UK researcher hadn’t quickly found and activated the kill switch,” said Mark Camillo, head of cyber for Europe Middle East Asia at AIG.
Thanks to the persistent threat of cyber attacks, which frequently result in loss of brand reputation and financial losses for businesses globally, a large number of organisations are embracing cyber insurance to ensure their survival and to preserve their reputation among customers.
Cyber insurance market to touch £12,769 million by 2023
According to a recent report from P&S Market Research, “since the persistent threat of cyber-crime continues to rise globally, the trend of intrusion of unauthorized access entities into critical data and illegitimate access to private and confidential business information also rises. This has led to huge loss of enterprise value, which is expected to continue over a period of time. Thus, with this loss getting huge day by day, the adoption of cyber insurance is predicted to escalate in the years to come”.
“The increasing interconnectivity, commercialization, and globalization of cybercrime are driving greater frequency and severity of cyber incidents, including past data breach incidents. This has directly impacted the growth of the cyber insurance market positively. From individual companies to government organizations, an attack by hacker can inflict huge financial loss, corporate embarrassment, and business continuity failure.
“High profile computer breaches in recent past, such as hack of Democratic National Committee and Twitter, are reinforcing the need for protection and insurance against cyber threats.
“This had led to increase in the demand for cyber liabilities and sophisticated policy cover by business leaders, to protect the enterprise data from cyber-attacks and cyber criminals,” the report added, stating that the global cyber insurance market is expected to touch $16,970 million (£12,769 million) by 2023 and will grow at a CAGR of over 20% between 2017 and 2023.
Mad rush for cyber insurance
Earlier this year, Char van der Walt of security firm SecureData said in an interview given to the BBC that in their haste to purchase cyber insurance policies, businesses were probably not looking at the best ways to protect enterprise and customer data but merely complying with minimal requirements.
“Unfortunately this will mean that businesses of all sizes will seek out the minimum cyber-security investment laid out by insurers, government, and regulators, rather than going above and beyond to protect their own, and their customers’ data,” he said.
However, if not planned in advance and not tailor-made as per business requirements, cyber insurance policies could do little, in the long run, to shield businesses from enterprising hackers.
“At first glance, it may sound like good news that companies care about cybersecurity and invest in related insurance products. However, in many cases, it simply means that the organizations have given up on securing their premises and data, and are instead preparing themselves to pay premiums to cover inevitable breaches rather than investing in information security solutions and services. In the long term, it may simply mean a decline for cybersecurity companies whose offerings will become economically impractical,” says Ilia Kolochenko, CEO of High-Tech Bridge.
“For companies who consider buying the insurance, I’d recommend carefully reading every single line of the contract to ascertain that it covers pertinent and relevant risks. All companies have their own unique cyber risks and threat models, and thus a one-size-fits-all insurance may simply be useless at the end of the day,” he adds.
Jeremiah Grossman, chief of security strategy at endpoint security software developer SentinelOne, told SearchSecurity that what’s challenging operationally for the entire ecosystem is that the primary buyer of business insurance is the CFO and the risk department that doesn’t know enough about cybersecurity. And it’s being sold to them by an insurance broker who certainly doesn’t know cyber insurance.
“Every policy that you’ll read – and I’ve read probably a hundred of them now — is different. There are no standards. It’s a Wild West out there. In many cases, it looks like they took a property or fire insurance policy and substituted fire with computer, and it doesn’t really map that way.
“When it’s a large policy – let’s say it’s over $100 million – there will be a survey that gets funnelled down to the CISO that says: ‘Tell me about your IT environment,’ which will not move the premium one way or the other. And that’s the last time a CISO ever touches a cyber insurance policy, predominantly,” he added.