The global cyber insurance market is expected to generate $14 billion by 2022, according to a new report published by Allied Market Research (AMR). That figure represents an impressive compound annual growth rate (CAGR) of nearly 28% from 2016 to 2022.
North America constituted the largest cyber insurance market share in 2015, which is expected to dominate the market during the forecast period.
"Increase in awareness about cyber risks from boardroom to data centers owing to the rising number of cyber-attacks in the past 2-3 years is the prime factor that drives the market," the report explains. "However, complex and changing nature of cyber risks limits cyber insurance market growth. Low market penetration of cyber insurance policies in developing countries offers promising business opportunity for market players."
In terms of verticals, healthcare organizations currently generate roughly one-third of the total premiums, the report said, noting that in the United States approximately 78% of hospitals do have a cyber insurance policy.
In terms of orgaziational size, large companies generated approximately 70% of the overall cyber insurance market revenue in 2015, with North America dominating the industry with around 87% of the overall cyber insurance market last year.
“Mandatory legislation regarding cyber security in several U.S. states has led to higher penetration of cyber liability insurance policies,” AMR explained. “The U.S. cyber insurance industry has become mature, and growth of the cyber insurance industry is projected to decrease owing to rising adoption of cyber liability insurance policies. Europe has very less penetration of cyber insurance liability policies as compared to that of the U.S. The European council has recently passed regulations regarding data protection and security, which are projected to be brought into effect in 2018. These regulations would oblige companies to purchase cyber insurance policies. Though Asia-Pacific accounts for negligible percentage share, it is expected to grow at a significant CAGR during the forecast period owing to a significant increase in ransomware attacks.”
By comparison, a report (PDF) from PwC estimate that annual gross written premiums are set to increase from around $2.5 billion in 2015 to $7.5 billion by 2020.
“The cyber insurance market will Cyber insurance is a potentially huge, but still largely untapped, opportunity for insurers and reinsurers,” PwC said.
“Many insurers face considerable cyber exposures within their technology, errors & omissions, general liability and other existing business lines,” PwC cautioned. “The immediate priority is to evaluate and manage these ‘buried’ exposures.”
"Cybercrime is still a serious threat and no longer is considered as a risk covered under traditional network security insurance product," Yogiata Sharma, Research Analyst, Consumer Goods Research at AMR, said in a statement. "Organizations from all industries need coverage for liability and property exposure which is a result of cyber-attacks. This is an opportunity for insurers and reinsurers to innovate cyber insurance products that manage various degrees of risks and cover cost-associated data breaches, credit monitoring, forensic investigations, reputation management, and business interruption."
Key players in the cyber insurance market include American International Group (AIG), Chubb, Zurich Insurance, XL Group Ltd (Ireland), Berkshire Hathaway (U.S.), Allianz Global (Germany), Munich Re Group (Germany), Lloyd's (U.K.), Lockton (U.S.), and AON PLC (U.K.).
While cyber insurance can help companies cover costs associated with damaging cyber attacks and data loss, it’s important to remember what cannot be covered, such as theft of intellectual property and remediation of a breach, reminds SecurityWeek contributor Joshua Goldfarb.
“It’s easy to cynically view cyber insurance as yet another fad creating noise in the already crowded security market,” Goldfarb writes. “What’s harder is truly understanding all of the necessary components in a sound and strategic risk mitigation strategy. Cyber insurance, like any tool, will not solve all of an organization’s problems. But it can help an organization round out its risk mitigation strategy.