Digitalisation is increasing exposure to cyberattacks throughout society, though as the risk landscape grows, so does awareness and demand for commercial and personal coverage, says the Swiss Re Institute.
Swiss Re forecasts global cyber insurance premiums to reach $23 billion by 2025, from an estimated $10 billion in 2021.
It adds that in the US, the largest cyber market, premiums grew by 74% in 2021, with standalone policy premiums increasing 92%.
Amid this rise, smaller companies with lower cyber-defence capacity are at the forefront of demand, says the Institute, adding that whether this demand converts into premiums depends on SMEs’ ability to afford coverage.
Swiss Re estimates that half of small businesses go under within six months of a cyberattack. To combat this, it adds that SMEs should be aware that incident-related costs including forensics, regulatory compliance(s), and legal and internal costs accumulate fast and can compromise operations.
Further, it also suggests that cyber insurance may help to fill the protection gap with policies that typically cover most of these elements and offer privileged access to a network of specialised service providers to facilitate prompt intervention.
However, the Institute does observe that not all cyber risks are insurable. The risk of a catastrophic event stemming from geopolitical conflicts or critical infrastructure failure – along with the human nature of the risk and difficulties quantifying the potential liability – keep capacity and expansion constrained in cyber insurance.
This leaves a revenue opportunity on the table for insurers and decreases society’s cybersecurity resilience, states Swiss Re.
The Institute concludes that a larger cybersecurity employee base, better modelling and data, and new sources of capital are all necessary to provide a resilient security infrastructure.
Meanwhile, on a related note, Gallagher Re released a report recently suggesting that the ever-changing size and scope of the cyber industry means that claims are often of a vector, frequency or magnitude that are still missing from the cyber models.