The global cyber insurance market is expected to grow 131% by 2020, compared to the 2016 market, as companies react to fears about data breaches, according to a new report from the Insurance Information Institute (III).
The cost for a company to respond to cybersecurity incidents is on a steep climb. A recent report from Kaspersky Lab found the average cost of recovery from a single security incident is estimated to be $86,500 for small and medium businesses and $861,000 for enterprises.
There are about 60 companies writing cyber insurance policies today, and the U.S. cyber insurance market is worth more than $3.25 billion in gross written premiums in 2016, according to III. PWC recently predicated the market would reach $7.5 billion in premiums in 2020.
Though it's growing quickly, cyber insurance still pales in comparison to commercial auto insurance ($25.8 billion in premiums a year) and worker compensation ($55 billion in premiums per year).
Because cyber insurance is a relatively new insurance product, insurers are still working to determine best practices, including how to price policies appropriately. The III report found U.S. insurers are generally getting better at underwriting and pricing stand-alone cyber insurance policies. But Dr. Robert Hartwig and Claire Wilkinson, co-authors of the report, say cyber insurance policies remain challenging for insurers to underwrite due to a lack of historical actuarial data, among other things.
A typical stand-alone cyber insurance policy covers things like data breach, identity theft, business interruption and cyber extortion. Though cyber insurance policies may be more available today, businesses still need to educate employees and use strong security measures to adequately protect themselves.