Security Experts:

Connect with us

Hi, what are you looking for?



Firms Increasingly Interested in Cyber Insurance: Study

Companies in the United States, the United Kingdom and Germany are increasingly interested in taking out cyber insurance, according to a new study commissioned by insurance provider Hiscox.

Companies in the United States, the United Kingdom and Germany are increasingly interested in taking out cyber insurance, according to a new study commissioned by insurance provider Hiscox.

The cyber security readiness study, which involved 3,000 businesses from the three countries, shows that 30% of companies in Germany, 36% in the U.K. and 55% in the U.S. already have cyber insurance. Roughly 30% of the firms that don’t have insurance plan on getting insured in the next 12 months.

The top reasons for taking out cyber insurance are related to the cost of a potential breach and the need for peace of mind, data security concerns, the possibility of customer action, and new data regulations. In roughly one-quarter of cases, cyber insurance is a legal requirement.

Reasons for taking out cyber insurance

More than half of the respondents reported being hit by at least one cyberattack in the last 12 months and the cost of dealing with an incident has been significant. On average, companies in the United States with over 1,000 employees said the largest cyber incident had cost them more than $100,000.

In the case of small U.S. firms, with less than 100 employees, the average cost was roughly $35,000. In the U.K. and Germany, organizations reported spending between approximately $32,000 and $67,000, respectively between $24,000 and $48,000, depending on their size.

The study shows that larger organizations are more likely to be interested in cyber insurance, and financial services is the most insurance-aware sector, with more than half of respondents already having cyber insurance.

Experts pointed out that Germany has been increasingly interested in cyber insurance since the attack on its parliament in 2015. Organizations in Europe are also looking for cyber insurance as a result of the EU’s new data protection regulations, which will take effect in 2018.

Of the companies that do not intend to get cyber insurance, many said the insurance policies are too complicated, they are not exactly sure what cyber insurance is, or they don’t trust the insurer to pay out in the event of an incident.

According to a report published by Allied Market Research (AMR) in December, the global cyber insurance market is expected to generate $14 billion by 2022, which represents a 28 percent increase from 2016.

In the meantime, some security companies have started providing alternatives to the traditional insurance services. San Francisco-based security consulting firm AsTech announced this week that it will be offering a $1 million warranty against breach-related costs if a customer is hacked as a result of a vulnerability that AsTech fails to discover. Endpoint security firm SentinelOne offered similar guarantees last year.

Related: Insurance Firm Directs Response in Madison County Ransomware Attack

Related: Cyber Insurance: Security Tool or Hype?

Related: The Hidden Strategic Advantage in Cyber Insurance

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

Application Security

GitHub this week announced the revocation of three certificates used for the GitHub Desktop and Atom applications.

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...


Twenty-one cybersecurity-related M&A deals were announced in December 2022.