Cyber risk insurance is currently one of the fastest growing segments in property/casualty insurance. With the growing demand for protection against data breaches, online hacks and cybersecurity disasters, insurance providers must determine whether expansion into standalone cyber insurance is worth the potential risk. A recent report by Fitch Ratings stated that at this stage, “aggressive growth in standalone cyber coverage, or movement to high portfolio concentration in cyber,” could be ratings negative. However, some industry experts believe that the growth of cyber insurance could allow the insurance industry to develop best practices and reduce cyber risks.

Current cyber risk insurance market

Cyber-attacks can affect organizations of all sizes, causing a wide range of damage — from shutting down hospitals to assisting in real-life pirating. It’s no wonder that in 2015 cyber risk insurance brought in an estimated $3 billion in premiums and is anticipated to triple over the next four years. Roughly 50 insurance carriers currently offer some form of standalone cyber risk insurance product. And this number is only anticipated to increase. 

Risk to insurers

While the demand for cyber risk insurance is high, aggressive expansion into standalone cyber risk policies could be credit negative. Unlike traditional areas of insurance, where risks and loss expectations are well-modeled and understood, there is far less data available to predict cyber-attacks. The scope of a cyber-attack may spread beyond that of a natural disaster, for example, and certain losses may be covered by existing insurance products. Therefore, insurers face challenges in establishing policy terms and pricing risk.

House Homeland Security Subcommittee on Cybersecurity hearing

Despite these risks, North Dakota Insurance Commissioner and NAIC Cybersecurity Task Force chairman Adam Hamm remains optimistic that the insurance industry is well-suited to take on the challenges. On March 22, Mr. Hamm testified before Congress on issues related to cybersecurity in the insurance sector in a hearing entitled, “The Role of Cyber Insurance in Risk Management.” According to Mr. Hamm, the expansion of cyber risks and the growth of cybersecurity insurance could allow the insurance industry to develop the best practices that pave the way in reducing cyber risks. He stated that “Insurance has a long history of driving best practices and standardization by creating economic incentives through the pricing of products, and the underwriting process can test the risk management techniques and efficacy of a policyholder making a broader range of businesses secure.”