KEY POINTS

  • Cyber insurance — an insurance product that shields businesses from financial liability incurred from a cyber attack — is one of the few areas of commercial insurance in which demand outweighs supply. We expect total annual global cyber insurance premiums to increase from $3.6 billion in 2016 to $7.5 billion in 2020.
  • Cyber insurance plans vary, but they generally cover the following: revenue lost when a hack causes a service outage; the cost of notifying customers whose information was affected in a breach; the cost of providing credit monitoring and identity theft protection for customers affected by a data breach; and litigation costs stemming from a cyber attack.
  • Healthcare, retail, and financial services have been the most common victims of data breaches over the past few years, so they've had the highest adoption of cyber insurance. According to insurance broker Willis, 50% of healthcare, retail, and technology companies have stand-alone cyber insurance coverage, compared with just 5% of manufacturing companies.
  • There are already opportunities for growth in cyber insurance coverage beyond these industries. Adoption of Internet of Things (IoT) devices and networks will help businesses become more efficient but also make them much more vulnerable to attack. These businesses will then need protection against cyber attack liability.
  • But insurers, such as AIG and ACE Ltd., are hesitant to extend cyber insurance coverage to many businesses because of the enormous potential liability from a cyber attack, and because many companies have little experience detecting or defending against an attack.
  • To mitigate the challenges around offering cyber insurance, insurers are limiting what they will cover and the amount they will insure. They're finding creative ways to test risks and price premiums without much historical data to help them create cyber insurance risk models.

Introduction

Cyber attacks are on the rise, and the costs associated with these attacks for businesses can be enormous. For example, Target's infamous 2013 data breach cost the company more than $250 million.

Total Data BreachesBI Intelligence

As a result of this threat, industries likely to be affected by such attacks are increasing their cybersecurity budgets. But even [...]