Cyber Insurance Growth in a Rapidly Evolving Market

The cyber insurance market is growing rapidly, driven by increasing cyber threats and the need for businesses to protect themselves against data breaches and cyber attacks. In 2020, the global cyber insurance market size was valued at $6.7 billion.

As a result, many companies are now purchasing cyber insurance policies to mitigate their risk. According to a recent survey, 71% of companies have purchased cyber insurance, with 45% of those purchasing it in the last two years.

The growth of the cyber insurance market is also being driven by the increasing number of high-profile cyber attacks. In 2020, there were over 1,000 reported data breaches, resulting in the theft of over 37 billion records.

Cyber insurance is growing rapidly due to increased awareness of the risks associated with cyber attacks.

The rise of remote work has led to a significant increase in cyber threats, making cyber insurance a must-have for many businesses.

According to a recent study, the global cyber insurance market is expected to reach $20 billion by 2025.

Cyber attacks are becoming more sophisticated, and the cost of a single data breach can be as high as $3.92 million.

The average cost of a cyber attack is $1.39 million, making it essential for businesses to have cyber insurance to mitigate these costs.

The increasing number of data breaches and cyber attacks has led to a surge in demand for cyber insurance policies.

Businesses are looking for ways to protect themselves from cyber threats, and cyber insurance provides a vital layer of protection.

The global cyber insurance market is expected to grow at a CAGR of 25% from 2020 to 2025.

Cyber insurance policies are designed to provide financial protection against cyber attacks, data breaches, and other cyber-related risks.

A recent survey found that 71% of businesses believe that cyber insurance is essential for their business operations.

Cyber threats are on the rise, and it's essential to understand the risks involved. Data breaches will become more common, especially with the growth of mobile data, which will surge to 76% by 2029 due to 5G technology.

The value and criticality of data will continue to push the emergence of hack-for-hire and data theft services. Even the most advanced data breaches will involve the human element in approximately 90% of instances. Cyberattacks will become increasingly automated and personalized, as well as cheaper and faster to distribute at scale in all languages.

The threat landscape is evolving, with attackers using AI-driven phishing emails and vishing calls to scam victims. The development of new malicious LLMs such as WormGPT will equip less tech-savvy actors with attack capabilities.

Supply Chain Vulnerabilities are a significant threat to organizations.

The dependency on software and hardware supply chains and digital services will continue to rise, making them an attractive target for attackers.

Munich Re experts predict a surge in hacks across networks of suppliers, manufacturers, and providers within digital supply chains.

This includes IT/OT/IoT networks, which are becoming increasingly vulnerable to cyber attacks.

The World Economic Forum study (WEF 2024) found that 41% of companies surveyed have been affected by a third-party cyber incident.

Small and medium-sized suppliers are being targeted by hackers, who aim to gain access to their larger customers' systems.

The cost of software supply chain attacks is expected to increase from $46 billion in 2023 to $60 billion in 2025, according to Juniper Research.

Data breaches are a growing concern, and it's not just about technology. By 2024, privacy regulation will cover three quarters of consumer data worldwide, but many organizations will struggle to comply.

The rapid growth of data, driven by 5G and technology, is making it harder to keep up. 5G will account for 76% of mobile data traffic by 2029.

Video traffic is the main culprit, making up 80% of mobile data by 2029. This is a significant escalation from the current 70%.

The human element is still a major factor in data breaches, with AI-enhanced spear phishing only involved in about 10% of instances.

Artificial intelligence is becoming increasingly mainstream, but its long-term impact remains difficult to predict. Large language models and generative AI have the potential to be deployed by both state and commercial actors in multiple domains.

Cyberattacks are expected to become increasingly automated and personalized, as well as cheaper and faster to distribute at scale in all languages. This is due in part to the use of AI-driven phishing emails and vishing calls to scam victims.

The development of new malicious language models, such as WormGPT, will equip less tech-savvy actors with attack capabilities. This is a concerning trend that highlights the need for increased cybersecurity measures.

On the other hand, AI capabilities will also increasingly augment the efforts of cyber defenders. AI can be used to strengthen detection and response capabilities, as well as improve attribution of cyber-attacks to adversaries.

Here are some examples of how AI is expected to impact the insurance sector:

Despite these promising use cases, AI cannot replace the expertise and knowledge required for excellent understanding and underwriting of cyber risk at present.

Cyber insurance growth is a significant concern for businesses in the United States, with cybercrime on the rise.

Cybercrime is a major issue in the US, with companies facing significant threats. Cyber insurance can help mitigate these risks.

In the UK, business cybersecurity is a top priority, with companies investing heavily in protection.

Commercial liability insurance is a key component of a comprehensive cyber insurance policy.

Here's a breakdown of the key industry trends:

The cyber insurance market has seen significant growth over the past five years, almost tripling in size. This is largely due to the increasing commitment of reinsurers and the growing interest in cyber risks from capital markets.

Large companies still dominate the market, accounting for the majority of premiums, while small and medium-sized enterprises (SMEs) bear most of their cyber risks on their own. This highlights the need for insurers to increase their penetration in the SME market.

According to Munich Re's Cyber Risk and Insurance Survey 2024, insurers face a major challenge in closing the gap between economic losses and insured losses. This is a crucial issue, as the growth of cyber risks in a digitized economy demands higher insurance penetration.

The insurance industry is working to address this challenge by offering a range of solutions that are convincing to the uninsured. However, ensuring that insurance cover is sufficient and offered on a sustainable basis remains a key focus.

Here are some key statistics on the current state of the cyber insurance market:

The demand for cyber insurance from SMEs is expected to fuel growth and price stability in the market over the next few years. This is a significant opportunity for insurers and brokers to tap into a previously underserved demographic.

According to Xing Xin, CEO of Upfort, there are enough insurers waiting to write more business around cybersecurity to keep prices stable in the short term. However, increased claims frequency and severity could eventually impact underwriting and rates.

Governmental Protection plays a crucial role in managing catastrophic cyber risks. The insurance industry's risk-bearing capacity has natural limitations, and damage from systemic events like cyber war or infrastructure outage would exceed its capacity.

Cyber insurance has helped build a layer of resilience, but it's not enough to mitigate the most severe systemic risks. These risks pose a threat to macroeconomic stability, making it essential for governments to get involved.

The insurance industry recognizes its limitations and is advocating for economic cyber protection as a precautionary measure of last resort. Munich Re is supporting the development of solutions and calling for the implementation of governmental backstops.

The most severe systemic cyber risks, such as critical infrastructure failure or damage from cyber warfare, cannot be borne by the private sector. Governments and the insurance industry must work together to manage these risks.

Jürgen Reinhart, Chief Underwriter Cyber at Munich Re, emphasizes the need for joint management of these risks. He notes that the insurance industry plays its part in mitigating risks, but the most severe risks require alternative solutions.

Leading U.S. cyber insurers wrote over $1.5 billion in direct cyber security premiums in 2023.

Cyber insurance companies in the U.S. are growing in number and size, but the market share of the largest companies is still relatively low, with the top 5 companies holding less than 30% of the market.

The number of first party and third party cyber insurance claims for packaged policies in the U.S. increased steadily from 2015 to 2021, with a total of over 10,000 claims in 2021.

In France, the loss ratio among cyber insurance companies was consistently high from 2019 to 2022, indicating that the companies were paying out more in claims than they were collecting in premiums.

A significant share of companies with cyber insurance in France have submitted a claim after a cyberattack, with over 40% of companies having done so in 2021 and 2023.

Here are some key statistics on cyber insurance claims:

The cyber insurance industry is still in its early stages, but it's growing rapidly. In 2016, U.S. insurance companies incurred only $356 million in claims from policyholders, which is less than 1% of estimated losses.

Leading U.S. cyber insurers have been writing more explicit contracts to define what is or is not covered, which should help limit lawsuits and disputes over cyber coverage.

The cyber insurance market is expected to grow as insurers acquire more historical data on cyber loss events. However, modeling cyber risk remains a challenge, as yesterday's attacks don't necessarily inform us about tomorrow's risks.

The insurance sector has provided comprehensive coverage for natural catastrophes, which may provide a way forward for the cyber insurance market. In fact, 50% of losses between 2015 and 2018 were paid by insurers for natural catastrophes.

Here are the leading U.S. cyber insurers in 2023, by direct cyber security premiums written:

The market share of largest U.S. cyber insurance companies in 2023 is as follows:

In Europe, cyber insurance policies were available in various types in 2019, including:

The loss ratio among French cyber insurers was 63% in 2019, 64% in 2020, 65% in 2021, and 66% in 2022.

Claims are a crucial aspect of insurance, and cyber insurance is no exception. In 2021, 63% of ransomware attacks worldwide were covered by cyber insurance, with the healthcare industry having the highest coverage rate at 74%.

The number of cyber insurance claims for U.S. packaged policies has been steadily increasing over the years, from 1,430 claims in 2015 to 13,440 claims in 2021. This is likely due to the growing threat of cyber attacks and the increasing awareness of the importance of cyber insurance.

In terms of payouts, the global cyber insurance payouts after ransomware incidents from 2019 to 2021 were mostly for business interruption, with 43% of payouts going towards this type of loss. This highlights the significant impact that cyber attacks can have on businesses.

Here is a breakdown of the number of first party and third party cyber insurance claims for packaged policies in the United States from 2015 to 2021:

The number of first party claims has been increasing at a faster rate than third party claims, indicating that businesses are more likely to file claims for their own losses rather than for losses suffered by others.

In France, 21% of companies with cyber insurance had ever submitted a claim after a cyber attack in 2023, up from 14% in 2021. This suggests that more companies are taking advantage of their cyber insurance policies to recover from cyber attacks.