In a mature insurance market, IDC has identified cyber insurance as an "excellent" opportunity for insurers. It expects the segment to see double-digit growth year-on-year, from $2 billion in premiums worldwide today to potentially more than $20 billion in the next 10 years, the firm said in a March 15 announcement of a new report.
"Considering the scale and magnitude of the problem, it is obvious that there is huge potential for the cyber insurance market today," wrote report author Sabitha Majukumar.
Approximately 81% of large businesses and 60% of small businesses suffered a cyber-security breach in 2014, according a March 2015 report by the UK government. On the whole, cybercrimes have cost the global economy an estimated $445 billion -- "more than most countries' GDP," wrote Majukumar, citing the World Economic Forum's "Global Risks Report 2016."
While some industries are more vulnerable than others (banking and healthcare face the greatest threats), no industry has been spared:
- Mobile network service provider TalkTalk was hacked in October 2015, impacting 157,000 customers.
- In July, the Obama administration revealed that the health and financial histories of nearly 20 million people had been stolen in a hack of US government computer systems.
- In February 2015, healthcare company Anthem announced it had been hacked, compromising the personal information of nearly 79 million people, including current and former customers and employees.
- And JP Morgan Chase, Dow Jones, and at least four other banks suffered coordinated attacks over the summer of 2014, impacting more than 100 million people.
Insurers Have Been Cautious
Among the concerns that held back insurers from exploiting the opportunity are a lack of historical data on cyber-risks, a lack of understanding of the risks involved, and a lack of insights into the cyber-risk management practices of policyholders.
"The risks are always evolving, due to the fluid nature of technologies in the digital and connected world," wrote Majukumar.
However, assistance may come in the form of big data and analytics.
"Effective data handling is key to the future of cyber insurance offering[s]," states the perspective. "Insurers' data systems should also be integrated into public databases ... to effectively manage and understand potential cyber threats."
It adds that insurers must have real-time monitoring of policyholders' risk exposure, in order to better manage and protect their risk portfolios.
What cyber insurance isn't -- and cannot be -- is a substitute for cyber-security. But it should be an integral element of a company's risk-management strategy, said IDC, which over the next 10 years expects cyber insurance to be as common a purchase for businesses in the UK as property insurance is currently.