Over the last five years, the number of Marsh’s US clients purchasing cyber insurance has doubled, from 19% in 2014 to 38% in 2018, according to a new report by the global re/insurance broker.
The report indicates that as risk awareness has grown, cyber insurance products have evolved to address a variety of privacy and operational exposures, making coverage more attractive to buyers in a broader set of industries.
Meanwhile, insurers have began to more carefully define the boundaries of property, casualty, and cyber policies; property insurers for example are generally no longer willing to provide coverage for business interruption caused by network intrusions.
These losses are increasingly expected to be covered under cyber policies, which have expanded to respond to a wide variety of potential risks while still being competitively priced.
In addition, Marsh says the severe economic and operational disruptions caused by the 2017 WannaCry and NotPetya malware attacks continue to haunt organisations with no heavy use or handling of personally identifiable information (PII), including manufacturers, logistics companies, and others.
Those attacks, coupled with more recent, high-profile ransomware incidents, have made clear that cyber threats have evolved from data breach and theft to now include business interruption and supply chain disruption.
As a result, more organisations that may not have traditionally viewed themselves as at risk from cyber-attacks are now purchasing cyber insurance
Cyber policy limits also grew in 2018, with average limits purchased by all companies rising 11% to $20.9 million in 2018.
Among companies with more than $1 billion in revenues, average limits purchased increased by more than 25% in 2018, to $62.4 million.
Marsh concludes by stating that the market should remain stable for the remainder of 2019, barring a market-changing event.
Theoretical aggregate capacity in the cyber insurance market increased to $1.8 billion in 2018, a threefold increase from 2015.