Cyber Insurance Demand Is Growing, But Risk Is Still Underinsured
Matthew Grant, executive director at Abernite posted (https://www.linkedin.com/pulse/cyber-risk-insurance-black-hole-massive-opportunity-matthew-grant/) that according to Cambridge University Centre for Risk Studies global economic loss from cyber attacks in 2017 was $1.5 trillion of which only 15% was insured.
Cyber insurance premiums are predicted to grow from $4 billion in 2018 to $20 billion in 2025. Most commentators expect an annual growth rate of over 30%. However, cyber insurance is less than 0.1% of the global property and casualty market. As the demand grows, so does the gap between economic and insured loss.
Cyber insurance has been available since at least 2004, and is now offered by over 100 insurers. Major brokers are partnering with cyber risk modelers. Because of the evolving nature of cyber risk, insurers are cautious about the extent to which analytics can be used to price cyber insurance. Unlike conventional insurance products, cyber risk has the potential for catastrophic risk across boundaries.
The NotPetya virus attack of June 2017 has resulted in $2.7 billion insured loss by May 2018, making it the 6th largest catastrophe of 2017.
In addition to risks explicitly covered by cyber insurance, there is the risk from “silent cyber” loss – damage to physical assets normally covered by Property insurance but which may be excluded. In 2015 the Cambridge Risk Centre working with Lloyd’s modeled a cyber attack on northeastern United States power generators; estimated minimum economic loss was $243 billion of which only about 10% was insured.
While by now most businesses know cyber risk exists, we underestimate its frequency and severity. This leads to complacency in addressing cyber security, and explains why more start-up companies offer new ways to underwrite bicycles than analyze cyber risk. It may take a true mega-catastrophe to change attitudes.