In accordance with the Insurance Information Institute’s (Triple-I) latest Issues Brief, global direct written premiums for cyber insurance are projected to escalate to $23 billion by 2025.
U.S. enterprises are anticipated to contribute approximately 56% to this total, the report noted.
The surge is attributed to two primary factors outlined in Triple-I’s report. Firstly, the omnipresent threat of data breaches and cyberattacks looms large, necessitating robust risk mitigation strategies.
Secondly, insurers have made substantial strides in refining policy coverage and exclusions, thereby enhancing risk managers’ comprehension of product value and aiding insurers in managing costs and rate stability.
U.S. businesses, the primary procurers of standalone cyber insurance policies, confront augmented exposure to cyber threats due to their reliance on Internet of Things (IoT) technologies, the proliferation of remote work setups, and the increased adoption of cloud data storage.
Purchasing standalone cyber insurance policies can prove cost-effective for businesses in the face of data breaches or cyberattacks involving sensitive information.
These policies cover damages that may not be included in general liability insurance policies, such as legal fees, digital infrastructure repairs, restoration of clients’ personal information, and recovery of proprietary data.
Triple-I’s Issues Brief cited IBM’s Annual Data Breach Report, revealing that in 2023, the average cost of a data breach for organisations soared to $4.45 million, marking a 15% increase over 2020 and a 2.3% uptick from 2022.
The global cyber insurance market witnessed a threefold surge in volume over the five years leading up to 2022, with estimated direct written premiums worldwide reaching $13 billion.
Given that more than half of these premiums originate from U.S. businesses, both the National Association of Insurance Commissioners (NAIC) and the U.S. Homeland Security Department’s Cybersecurity and Infrastructure Security Agency (CISA) are displaying heightened interest in this domain.
In response, insurers are adopting a more sophisticated approach to underwriting and fortifying policy wording and exclusions. However, they express the need for more robust data on attacks and breaches to better predict and manage liability.
