Cyber Insurance Market Growing Dramatically, Triple-I Finds

Published on February 13, 2024

Warren Buffett worried about Cyber insurance market

Direct written premiums for cyber insurance worldwide could rise to $23 billion by 2025, with U.S. businesses paying about 56% of the total, according to the Insurance Information Institute’s (Triple-I) latest Issues Brief.

“Two primary factors may be at work,” stated Triple-I’s Cyber Insurance: State of the Risk, when explaining the trend.

The first is the ubiquitous threat of data breaches and cyberattacks.

The second is insurers have made strides in clarifying policy coverage and exclusions, improving risk managers’ understanding of product value and helping insurers better manage costs and rate stability, the Issues Brief said.

U.S. businesses, the primary purchasers of standalone cyber insurance policies, are facing broader exposure to data breaches and cyberattacks through their reliance on Internet of Things (IoT) technologies, the expansion of remote work, and greater use of cloud data storage, according to Triple-I’s latest Issues Brief.

Purchasing cyber insurance as a standalone policy can lower the cost to a business in the event of a data breach or cyberattack involving sensitive information by covering damages that general liability insurance policies may not, including:

  • Legal fees
  • Repairing digital infrastructure
  • Restoring clients’ personal information
  • Recovering proprietary data

“In 2023, the average data breach cost for organizations climbed higher than ever, to $4.45 million, according to IBM’s Annual Data Breach Report,” Triple-I’s Issues Brief said. “This figure is a 15% increase over 2020, but only 2.3% over 2022.”

The global cyber insurance market tripled in volume in the five years ending in 2022, according to the Swiss Re Institute, with direct written premiums worldwide totaling an estimated $13 billion. Given more than half of these premiums are paid by U.S. businesses, the National Association of Insurance Commissioners (NAIC) and the U.S. Homeland Security Department’s Cybersecurity and Infrastructure Security Agency (CISA) are showing greater interest in this line of coverage, the Issues Brief explained. The same holds true for U.S. cyber insurers.

“Insurers are taking a more sophisticated approach to underwriting and fortifying policy wording and exclusions. Nonetheless, they need more robust data on attacks and breaches in order to predict and manage liability,” Triple-I’s Issues Brief concluded.