The worldwide cybersecurity market is defined by market sizing estimates that range from $77 billion in 2015 to $170 billion by 2020. Nonetheless, even at such a scale, cybersecurity service providers are not able to tame imaginative and aggressive pool of talented hackers, exposing vast amount of private data to the public or using it for personal financial gain.
While part of an entrepreneurial community works on eliminating/preventing a threat using advanced technologies, another part created an industry to address hardships organizations experience as a result of a successful cyberattack. Both elements of the ecosystem are equally important. However, since there is little to no chance of completely eliminating the threat, it's vitally important to be able to deal with consequences of a cyber-disaster should one occur.
In response to increasing connectivity across industries and accelerated accumulation of sensitive data in the global Web and on private servers, the global cyber-insurance market is estimated to grow to $5 billion in annual premiums by 2018 and at least $7.5 billion by the end of the decade.
Paul Delbridge, Partner at PwC, emphasized that, “Sustaining credibility in the cyber-risk market is crucial when looking to become a leader in this fast growing market. If this trust is compromised, and with innovative competitors knocking on the door, it would be extremely difficult to restore brand reputation.”
Indeed, businesses across industries recognize the importance of cyber-insurance in today’s increasingly complex and high-risk digital landscape – the cost of cybercrime in the US alone is estimated to be at approximately $100 billion annually. As reported by the WSJ, in 2015, the British insurance company Lloyd’s estimated that cyberattacks cost businesses as much as $400 billion a year, which includes direct damage plus post-attack disruption to the normal course of business. Some vendor and media forecasts over the past year put the cybercrime figure as high as $500 billion and more.
The scale of the problem has direct implications on business sustainability and top executives do understand the threat: 71% of insurance CEOs, 79% of banking CEOs (the highest of any sector) and 61% of business leaders across all industries see cyberattacks as a threat to growth, ranking it higher than shifts in consumer behavior the speed of technological change and supply chain disruption. Being at the forefront of both cybercrimes and funds poured into cybersecurity, four banking industry giants – JPMorgan Chase & Co. ($500 million), Bank of America ($400 million), Citigroup ($300 million) and Wells Fargo ($250 million) – are ready to collectively spend $1.5 billion on cybersecurity annually.
To address the problem, carriers develop insurance products to capitalize on the opportunity. The London insurance market – the largest in the world – is predicting a surge in companies and individuals taking out policies against cyberattacks in 2017 after a 50% rise this year, the Financial Times reports. The edition states that the total cyber-insurance written premium around the world is estimated at $2.5 billion, and that could reach $20 billion by 2025.
Regardless of the value and increasing importance of cyber-insurance products, insurance industry representatives admit that cyber-insurance capacity is small compared to insurance markets covering other property and casualty risks. Moreover, some surveys suggest that a number of major gaps exist between the cyber-insurance market and cybersecurity professionals: one problem is the terminology different professionals use – particularly when discussing the concept of ‘risk’. Security experts see the term as meaning vulnerabilities to a security system, while insurers interpret it as the monetary cost of a breach.
Another problem emphasized by experts is the varying standards attributed to the most important cybersecurity measures, and the amount of money that should be invested in cybersecurity in comparison to cyber-insurance.
As a result, only 48% of chief information security officers and other security professionals are reported to be finding cyber-insurance ‘adequate’ when recovering from a breach.
Cyber-insurance industry is expected to grow at an unprecedented pace in lieu with the growth of IoT and accelerated digitization across industries. There are now more than 60 insurance companies offering standalone cyber-insurance policies in America, bringing the corporate cyber-insurance market in the country to a worth of over $3 billion annually, since cyber-breaches are becoming more expensive for an organization affected (the average breach in 2016 cost $7 million, which represents the third-costliest business risk this year).