According to the latest Issues Brief by the Insurance Information Institute (Triple-I), global direct written premiums for cyber insurance are expected to increase to $23 billion by 2025.
US businesses are expected to contribute approximately 56% of this total, the report said.
The surge is attributed to two main factors outlined in the Triple-I report. First, the omnipresent threat of data breaches and cyberattacks is huge, requiring robust risk mitigation strategies.
Second, insurers have taken significant steps to refine policy coverage and exclusions, thereby improving risk managers’ understanding of product value and helping insurers manage costs and rate stability.
US businesses, the main purchasers of standalone cyber insurance policies, face increased exposure to cyber threats due to their reliance on Internet of Things (IoT) technologies, the proliferation of of remote work setups, and the increased adoption of cloud data storage.
Purchasing standalone cyber insurance policies can prove cost-effective for businesses in the face of data breaches or cyberattacks involving sensitive information.
These policies cover damages that may not be included in general liability insurance policies, such as legal fees, digital infrastructure repairs, restoration of clients’ personal information, and recovery of proprietary data.
Triple-I’s Issues Brief cited IBM’s Annual Data Breach Report, which revealed that in 2023, the average cost of a data breach for organizations rose to $4.45 million, marking a 15% increase over 2020 and a a 2.3% increase from 2022.
The global cyber insurance market has witnessed a three-fold surge in volume in the five years to 2022, with estimated direct written premiums worldwide reaching $13 billion.
Since more than half of these premiums come from US businesses, the National Association of Insurance Commissioners (NAIC) and the US Homeland Security Department’s Cybersecurity and Infrastructure Security Agency (CISA) show a high interest in this domain.
In response, insurers are adopting a more sophisticated approach to underwriting and strengthening policy wording and exclusions. However, they expressed the need for more robust data on attacks and breaches to better predict and manage responsibility.