Cyber Attack Insurance Market Expected to Double This Year

Friday, July 18, 2014
(AP Graphic)

Insurers can’t write new policies for coverage against cyber attacks fast enough these days, thanks to the onslaught of unwanted network intrusions.


Private companies in the U.S. are buying insurance to cover cyber attacks at a dramatic rate this year, with the total expected to be twice that from 2013.


“There has been a huge uptick in cyber insurance,” Dave Kennedy, CEO of TrustedSec LLC, which performs security assessments for companies seeking insurance, told Homeland Security News Wire.


Last year, the U.S. insurance industry produced $1 billion in policies covering hacker attacks. By the end of 2014, the figure is expected to reach $2 billion.


The European cyber insurance market is far smaller—about $150 million annually—but it’s growing by 50% to 100% per year, according to the insurance broking division of Marsh & McLennan Companies.


Experts say a recent court ruling against Sony over intruders getting into the company’s PlayStation Network prompted many businesses to seek cyber-specific coverage. Sony’s loss stemmed from its reliance on general commercial liability policies to cover hacking incidents.


The economic implications of cyber attacks are considerable.


One think tank, the Center for Strategic and International Studies, estimates cybercrimes cost the international economy upwards of half a trillion dollars annually.


Despite the clear risks that hackers pose, companies aren’t making the decision lightly to buy the new kind of insurance, which can cost $20,000-$25,000 per $1 million in coverage. In fact, in spite of the market’s enormous rate of growth, experts say that its development will be relatively slow. This is due to the difficulty of assessing risk.


“Insurance carriers do well in those industries where they have enough data to efficiently determine risk, such as home, fire and car,” Andrew Braunberg, researcher director at NSSLabs, told eWEEK. “In cyber, however, there is an asymmetry between what they know about an organization's security and the company's risk profile; they are at a disadvantage there.”


Graeme Newman, a director at CFC Underwriting, agreed. “They could tell you exactly the chance of an office building burning down in Midtown Manhattan, but there isn’t anyone on this planet who could tell you the probability of a large U.S. retailer being hacked tomorrow,” he told The New York Times. And looking to the past doesn’t necessarily provide helpful indicators for the future. “Statistics from five years ago are almost irrelevant today,” he added.

-Noel Brinkerhoff, Danny Biederman


To Learn More:

Demand for Cyberattack Insurance Grows, But Challenges Remain (Homeland Security News Wire)

Cyber-Insurance Valuable yet Still Needs to Evolve (by Robert Lemos, eWeek)

Cyberattack Insurance a Challenge for Business (by Nicole Perlroth and Elizabeth Harris, New York Times)

153 Cyber Attacks on U.S. Energy Grid in One Year (by Noel Brinkerhoff, AllGov)

FBI, Homeland Security and Counterterrorism Center Declare Cyber-Attacks Bigger Threat than Terrorism (by Noel Brinkerhoff, AllGov)


Leave a comment