The global premium volume for cyber insurance is set to grow six- to eightfold within a decade, Fitch Ratings Inc. said Wednesday, driven by such incidents as the breach at credit monitoring agency Equifax Inc.
In the report Cyber Insurance — Risks and Opportunities, Fitch said the current global insurance market for stand-alone cyber coverage is about $2.5 billion to $3.5 billion, and that it expects global stand-alone cyber premiums to increase to $12 billion to $20 billion within 10 years.
This growth is being spurred by increasing risk and awareness of cyber attacks, such as the theft of an estimated 143 million individuals' personal data from Equifax. Roughly 90% of global cyber premium originates in the U.S., Fitch said, due to more active cyber regulation.
Fitch cited the April 2017 Council of Insurance Agents & Brokers’ Cyber Insurance Market Watch Survey, which said 32% of surveyed companies purchased some form of cyber coverage, up from 24% a year earlier.
Fitch said that recent ransomware attacks show that today’s interconnected society can lead to a wide geographic footprint for a single cyber incident. Risk concentrations may be more correlated to factors other than industry or geography, Fitch said, such as concentrated exposure to one electronic payment processor or firewall system.
Cyber insurance has been a profitable business line for early market entrants and is a rapid-growth segment now, Fitch said.
“The nature of cyber risk and the wide variety of potential cyber events add to challenges in quantifying risk aggregations and catastrophe loss potential,” Fitch said. “A lack of standardized policy language and terms can also lead to meaningful differences in individual carriers' product offerings, which is a source of confusion and uncertainty for policyholders.”
Fitch said insurers that lack cyber underwriting expertise, poorly manage their risk accumulations or fail to recognize loss potential from “silent” cyber exposure in their traditional commercial insurance products could face pressure on earnings, capital or even ratings if large-loss scenarios occur as the market expands.
The top 15 writers of cyber insurance held about 83% of the market share in 2016, Fitch said, and the leading cyber writers tend to be companies that have historical track records in developing products in emerging risk areas.
Development of cyber regulation in Europe and elsewhere is likely to spark demand for coverage, Fitch said. The European General Data Protection Regulation implementation in May 2018 will introduce more stringent notification requirements that increase awareness of the prevalence of data breaches.
The GDPR will also expose organizations to large fines for data breaches — up to 4% of turnover — although it is not clear whether insurance would be allowed to cover these, Fitch said.