Cyber insurance market to hit US$10 billion by 2020, ABI Research suggests

03/08/2015 12:31

Risks will drive a US$10 billion cyber insurance market by 2020, suggests ABI Research, a London, United Kingdom-based technology market intelligence company with offices in North America, Europe and Asia.


With over 900 million reported records exposed in 2014, ABI Research said in a press release on Wednesday, “more companies are seriously starting to consider transferring risks to insurance providers.” However, despite growing awareness of vulnerability to breaches and risk management strategies, less than 20% of large enterprises (companies with 500 or more employees) globally avail themselves of cyber insurance, according to the report, titled Cyber Risk, Liability and Insurance.

For small- and medium-sized enterprises, the percentage is even lower, at less than 6%. Small enterprises are 1-99 employees, while medium is 100-499 employees.

Michela Menting, digital security research director with ABI Research, toldCanadian Underwriter that the cyber insurance market is a small one, and she estimated that just over 50 insurance carriers offer cyber-related policies, either standalone or as part of special packages that address multiple areas of cyber risk. “The U.S. market is home to about 70% of carriers globally currently offering cyber insurance policies, although European insurers are expected to increasingly offer cyber-related insurance policies going forward,” she added.

The largest barrier to growth is lack of actuarial data about cyberattacks, but this is quickly changing with continued cyber assaults. Currently, insurers are finding it difficult to assign the proper value to data or systems, or to determine appropriate policies since they are unable to scope the cyber risk environment of an organization, the release said.

ABI Research forecasts the market to hit US$10 billion by 2020. While still a fraction of the total global insurance market, the 36.6% compound annual growth rate is “highly dynamic,” the release noted. “The primary driver for this dynamism is the escalating costs associated with cyber breaches and attacks, pushing risk management strategies to increasingly transfer risks to providers.”

Menting explained the process of determining the US$10 billion figure: researchers first determined a baseline for 2013 and 2014 and then applied a growth rate by plugging in a number of variables into the model and calculating annual growth rate based on the factors. They include:

  • overall value of the insurance market;
  • past growth rates of other insurance products over the past decade;
  • past growth rates of cyber insurance business from carriers;
  • average cost of cyber insurance policies and premiums;
  • number of existing firms in the world;
  • percentage of an IT budget allocated to cybersecurity;
  • adoption rates of risk management practices; and
  • recorded number of past breaches and average cost of clean-up/remediation.

Menting reiterated that the largest barrier to growth is the lack of actuarial data about cyberattacks and breaches, which provides the statistics, enabling insurers to estimate the probability and the potential cost of an event. “This is because organizations are not always keen to publicly announce a breach,” she said, adding that there is often little consequence-oriented analysis taking place after a breach occurs.

“More information sharing, and understanding of event impact and the associated longer-term costs (through post-incident analytics, for example) can help remove some of these obstacles,” she said. “In turn, this will drive better policy rates and see the cyber insurance market progressively emerge from its niche, despite being around for over 30 years.”