As data breaches and ransomware hacks escalate, cyber protection is becoming one of the fastest-growing insurance industry sectors, a Financial Times special report indicated.
The cyber insurance sector expected to reach a $7.5 billion valuation by the end of the decade, with small medium-sized businesses (SMBs) a rising customer demographic.
Following high-profile cyberattacks two years ago at WannaCry and NotPetya, many companies became certain protection was necessary because data breaches are often pricey.
A 2014 breach at Marriott, for example, cost the chain over $100 million before fines were levied under EU rules. The company’s insurance policies have paid out $102 million.
“NotPetya was a huge trigger for buying outside the U.S. as [companies] saw what business interruption really looks like,” said Sarah Stephens, the cyber, media and technology practice leader at insurance broker Marsh JLT Specialty.
Insurance companies are eyeing the cyber market as “a rare opportunity for growth.” The global market in annual premiums is forecasted to soar to $15 billion by 2022 from its current $6 billion, according to RBC Capital Markets.
The U.S. most recently led the industry’s growth, but the trend is expanding to Europe. GDPR rules are anticipated to trigger a surge of penalties.
SMBs are another big growth sector for the cyber insurance industry.
“We are seeing more and more take-up, particularly in industries where we see a data breach risk, such as retailers, healthcare, anyone dealing with data analytics and companies that work with big, global firms,” Stephens said.
Aside from payouts to cover losses after an attack, cyber insurance also has a service element to assist customers with hacked systems. Services offered include forensic investigators, public relations experts and expert negotiators to deal with ransom demands.
“Cyber modeling is still very much in its infancy,” said Rebecca Bole, head of Industry Engagement at CyberCube, a cyber modeling specialist. “It is a very different peril to weather-related perils, where the science is documented and well understood. Cyber is a man-made peril, which creates a lot of complexity.”