Security Experts:

Connect with us

Hi, what are you looking for?



Firms Increasingly Interested in Cyber Insurance: Study

Companies in the United States, the United Kingdom and Germany are increasingly interested in taking out cyber insurance, according to a new study commissioned by insurance provider Hiscox.

Companies in the United States, the United Kingdom and Germany are increasingly interested in taking out cyber insurance, according to a new study commissioned by insurance provider Hiscox.

The cyber security readiness study, which involved 3,000 businesses from the three countries, shows that 30% of companies in Germany, 36% in the U.K. and 55% in the U.S. already have cyber insurance. Roughly 30% of the firms that don’t have insurance plan on getting insured in the next 12 months.

The top reasons for taking out cyber insurance are related to the cost of a potential breach and the need for peace of mind, data security concerns, the possibility of customer action, and new data regulations. In roughly one-quarter of cases, cyber insurance is a legal requirement.

Reasons for taking out cyber insurance

More than half of the respondents reported being hit by at least one cyberattack in the last 12 months and the cost of dealing with an incident has been significant. On average, companies in the United States with over 1,000 employees said the largest cyber incident had cost them more than $100,000.

In the case of small U.S. firms, with less than 100 employees, the average cost was roughly $35,000. In the U.K. and Germany, organizations reported spending between approximately $32,000 and $67,000, respectively between $24,000 and $48,000, depending on their size.

The study shows that larger organizations are more likely to be interested in cyber insurance, and financial services is the most insurance-aware sector, with more than half of respondents already having cyber insurance.

Experts pointed out that Germany has been increasingly interested in cyber insurance since the attack on its parliament in 2015. Organizations in Europe are also looking for cyber insurance as a result of the EU’s new data protection regulations, which will take effect in 2018.

Of the companies that do not intend to get cyber insurance, many said the insurance policies are too complicated, they are not exactly sure what cyber insurance is, or they don’t trust the insurer to pay out in the event of an incident.

According to a report published by Allied Market Research (AMR) in December, the global cyber insurance market is expected to generate $14 billion by 2022, which represents a 28 percent increase from 2016.

In the meantime, some security companies have started providing alternatives to the traditional insurance services. San Francisco-based security consulting firm AsTech announced this week that it will be offering a $1 million warranty against breach-related costs if a customer is hacked as a result of a vulnerability that AsTech fails to discover. Endpoint security firm SentinelOne offered similar guarantees last year.

Related: Insurance Firm Directs Response in Madison County Ransomware Attack

Related: Cyber Insurance: Security Tool or Hype?

Related: The Hidden Strategic Advantage in Cyber Insurance

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Management & Strategy

Tens of cybersecurity companies have announced cutting staff over the past year, in some cases significant portions of their global workforce.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...