Nick Dow's blog : How cyber risks are insured in different countries
This Largest cyber underwriters in the
United States, according to A.M. Best research & data. The entire property
& casualty insurance industry underwrote approximately $5 bn of U.S. cyber
insurance premiums, according to Beinsure Media Research Top
Cyber Insurance Companies. TOP 20 Cyber Insurance Companies in the U.S.
market account for more than $4 bn of direct premiums written. The market is
further expected to grow in the forecast period of 2023-2028 at a CAGR of 11.9%
to reach over $266.9 bn by 2027. The cyber insurance market is anticipated to
maintain favorable premium growth and underwriting results through 2023;
however, pricing will likely moderate further this year in response to recent
profits and competitive factors. For any companies that store financial,
personal health, or other client data, a comprehensive cyber insurance plan is
a must. Over 500 insurers now provide this type of insurance, it’s important to
get to know more about the different groups when shopping around. Global Cyber
Insurance Ranking worldwide and largest underwriters in the cyber insurance
sector. Insuramore has updated its 2023 global ranking of insurer groups as
measured by cyber insurance gross direct premiums written (GDPW). The cost of
cybersecurity insurance premiums is determined by a range of factors, including
the size, nature, and location of the business. Data shows that the average
cost of cyber insurance in the US was $1,485 annually. The firm, however, noted
that due to the spate of cyberattacks in 2022, premium prices are likely to
soar as well.
Allied Market Research estimates that the global cyber risk insurance
market will reach $14 billion by 2022 and will reach $20 billion in 2025,
according to Allianz. Fitch, to $1.35 billion, but they believe that in reality
it is more.
But cyber premiums are a drop in the bucket for the overall insurance
market. In 2015, US insurers collected $1.5-3 billion of such premiums,
according to a February study by Deloitte (the company cites estimates from
regulators and rating agencies). And the total amount of premiums
collected in the US in 2015 amounted to $505.8 billion. In October 2016, only
29% of US companies had a cyber risk insurance policy.
A surge in demand for cyber risk insurance is noted every time there is
a high-profile hacker attack, experts interviewed by the WSJ say. This was
the case, for example, after the attack on Yahoo servers in 2014, when hackers
cracked 500 million user passwords; cyberattacks on the US Democratic
National Committee in June 2016 and hacking of the Equifax credit bureau IT
system, as a result of which the personal data of 300 million people could fall
into the wrong hands.
In 2017, Wannacry and Petya ransomware affected hundreds of thousands of
computers around the world. One of the victims was the Danish industrial
conglomerate Moller-Maersk, which owns the world's largest container shipping
business, its losses will amount to $ 200-300 million, writes WSJ. At the
insurance company AIG, demand for cyber risk insurance increased by 87% in Asia
after the Wannacry attacks, and by 38% globally, according to the FT.
Tryg, Denmark's largest insurer, expects 90% of its customers to be insured for cyber risks in five years. "There are no corporate clients these days that don't insure buildings and cars," Tryg CEO Morten Hubbe told Reuters. “I think in a few years it will become just as obvious that you need to insure cyber risks.”
Sell a pig in a poke
The cyber risk insurance market could grow even faster - the potential
demand is quite large - if not for its immaturity. Insurers do not
understand what they are selling, and their customers - what they are
buying. “There are so many new insurance products that have not yet been
tested,” Tim Francis, vice president of Travelers insurance company, told the
WSJ, “that one day insurance claims will begin to come in, and then we will
know if the words we used mean in policies, exactly what we had in mind. But
often lawyers have to deal with this, he adds.
“What happens if tomorrow a certain web host is DDoS attacked or hacked
and the companies that use it cannot serve their customers? How do we know
that those who buy a cyber risk insurance policy from us do not store
everything in one basket - cloud service, web hosting, mail server, SaaS
(software as a service)? - notes one of the insurers who participated in
the Deloitte study.
Several Deloitte respondents compared the risks associated with
cyberattacks with those of terrorist attacks: in both cases, a group of
individuals intentionally tries to cause damage, such attacks can occur
anytime, anywhere, and anyone can suffer from them. Because of the fear of
incurring huge losses, many insurance and reinsurance companies after September
11, 2001 ceased to insure the risks associated with terrorism. “Ultimately
it comes down to the fact that we do not understand the risks we are taking,”
another insurer told Deloitte. “We don’t have enough information about
where the source of the risk is so that we can reduce it.”
There is a real arms race in the cyber sector in the world, and several
dozen countries have the opportunity to carry out a large-scale cyber attack,
says Bruce Boland, IT director for Asia at FireEye, a security
company. “Insurance policies usually do not cover military
action. And this means that the definition of cyber attacks becomes
extremely important: who knows who is behind them? he says.
But even if there is an insurance policy against cyber risks, it is not
certain that in the event of a hack, it will cover all losses. Moreover,
for example, reputational damage may not immediately appear. In June 2014,
China Bistro, a US-based restaurant chain that paid $134,000 a year for the
service, learned that 60,000 customers' credit card numbers had been stolen
from it by hackers. The insurer paid China Bistro $1.7 million in
investigation and legal costs, but the chain itself had to pay $1.9 million to
the card processor, WSJ writes.