More insurance providers are providing cybersecurity insurance as losses mount from hacks, ransomware and other attacks.
Cybersecurity insurance is projected to grow from $3.89 billion in 2017 to $23.07 billion by 2025, thanks in no part to a sharp increase in cyber attacks. However, cybersecurity insurance is a relatively new product and has some kinks to iron out.
The rise of cybersecurity is commensurate with the rise in losses due to breaches. The average cost of a breach to a company increased 5% to $3.86 million, according to a 2018 study by Ponemon. The study also claims that data sources holding over 10k records faced an astounding 26% chance of a material breach involving lost or stolen records. In 2014, major retailers Target and Home Depot dealt with major breaches, costing them $300 million and $161 million respectively.
Stolen records aren’t the only type of cyber threat to companies. Ransomware, advanced persistent threat and distributed denial of service attacks also pose significant threats.
Cybersecurity insurance is growing across many industries--finance, IT, healthcare, manufacturing and healthcare. Finance was an early adopter of the insurance and continues to dominate market share. IT is growing at a healthy clip of 27.8% because of the volume of data they house.
Healthcare data is highly coveted by hackers because it can be maliciously used in many different ways. An individually breached health record costs healthcare organizations $380, well over the $141 average. This is why 78% of healthcare organizations carry cybersecurity insurance. The hospitality and gaming industries are using more cybersecurity insurance. Insurance broker Marsh reports to have seen a 67% increase in purchases in this sector.
New regulations (GDPR, HIPAA, PII) and the increase in connected devices have also contributed to the rise of cybersecurity insurance purchases.
Challenge for Insurers
The challenges for cybersecurity is assessing risk and potential damages. Insurers need to understand each company’s security apparatus to gauge whether it’s sufficient enough for current threats. They may struggle to acquire the necessary data to make an accurate assessment. Many companies are required to self asses, meeting requirements by the insurer in order to gain coverage.
Though damages due to cybersecurity are trending upwards, pricing has actually dropped 0.6% in Q4 2018 in the U.S. due to an increase in supply.