Digitalisation is increasing exposure to cyberattacks throughout society, though as the risk landscape grows, so does awareness and demand for commercial and personal coverage.
Swiss Re forecasts global cyber insurance premiums to reach $23 billion by 2025, from an estimated $15 billion in 2023.
In the US, the largest cyber market, premiums grew by 74% in 2023, with standalone policy premiums increasing 92%.
Amid this rise, smaller companies with lower cyber-defence capacity are at the forefront of demand, says the Institute, adding that whether this demand converts into premiums depends on SMEs’ ability to afford coverage.
Half of small businesses go under within six months of a cyberattack. To combat this, it adds that SMEs should be aware that incident-related costs including forensics, regulatory compliance(s), and legal and internal costs accumulate fast and can compromise operations.
Cyber insurance may help to fill the protection gap with policies that typically cover most of these elements and offer privileged access to a network of specialised service providers to facilitate prompt intervention.
Not all cyber risks are insurable. The risk of a catastrophic event stemming from geopolitical conflicts or critical infrastructure failure – along with the human nature of the risk and difficulties quantifying the potential liability – keep capacity and expansion constrained in cyber insurance.
This leaves a revenue opportunity on the table for insurers and decreases society’s cybersecurity resilience.
A larger cybersecurity employee base, better modelling and data, and new sources of capital are all necessary to provide a resilient security infrastructure.