Global cyber insurance market to grow to over $20 billion by 2025

Cyber risk is a major and fast-increasing threat to businesses with cyber-crime alone costing the global economy approximately $445 billion a year, with the world’s largest 10 economies accounting for half this total and the U.S. accounting for $108 billion, according to Allianz Global Corporate & Specialty (AGCS).

“As recently as 15 years ago, cyber-attacks were fairly rudimentary and typically the work of hacktivists, but with increasing interconnectivity, globalization and the commercialization of cyber-crime there has been an explosion in both frequency and severity of cyber-attacks,” says AGCS CEO Chris Fischer Hirs. “Cyber insurance is no replacement for robust IT security, but it creates a second line of defense to mitigate cyber incidents.”

Increasing awareness of cyber exposures as well as regulatory change will propel the future rapid growth of cyber insurance. With fewer than 10% of companies currently purchasing cyber-specific policies, AGCS forecasts that cyber insurance premiums will grow globally from $2 billion per annum today to over $20 billion over the next decade, a compound annual growth rate of over 20%.

“Growth in the U.S. is already underway as data protection regulations help focus minds, while legislative developments and increasing levels of liability will see growth accelerate in the rest of the world,” says Paul Schiavone, regional head of financial lines in North America.

Previously, attention has largely been focused on the threat of corporate data breaches and privacy concerns, but the new generation of cyber risk is more complex: future threats will come from intellectual property theft, cyber extortion and the impact of business interruption (BI) following a cyber-attack or from operational or technical failure; a risk which is often underestimated.

“Awareness of BI risks and insurance related to cyber and technology is increasing. Within the next five to 10 years, BI will be seen as a key risk and a major element of the cyber insurance landscape,” adds Schiavone. In the context of cyber and IT risks, BI cover can be very broad, including business IT computer systems, but also extending to industrial control systems (ICS) used by energy companies or robots used in manufacturing.

Increasing interconnectivity of everyday devices and growing reliance on technology and real-time data at personal and corporate levels, known as the ‘Internet of Things’, creates further vulnerabilities. Some estimates suggest that a trillion devices could be connected by 2020, while it is also forecast that as many as 50 billion machines could be exchanging data daily.

ICS are another area of concern as a number of these still in use today were designed before cyber security became a priority issue. An attack against an ICS could result in physical damage such as fire or explosion, as well as BI.