Cyber Insurance Market Expected to Grow

As high-profile cyber threats to data security and privacy grow, many businesses are turning to cyber insurance for protection.

Although cyber insurance has been in existence for more than a decade, the market for cyber coverage has recently begun to expand as the cost of data breaches and other cyber threats continues to grow, according to an article by Nicole Perlroth.

The average cost of a data breach hit $7.2 million last year and cost companies $214 per compromised data record, according to the Ponemon Institute. And that's just for a data breach. If a company's intellectual property is stolen, it could decimate an organization.[1]

In the past, businesses have generally been reluctant to discuss cyber and data threats publicly, and some companies have been unwilling to commit significant resources to protecting against these threats.

Despite high-profile cyber attacks at Sony, Google, Epsilon, RSA and others this year, only a third of companies surveyed by Advisen, a research group, say they have purchased a cyber insurance policy.[2]

The business risks of cyber threats have become so prominent, in fact, that the U.S. Security and Exchange Commission recently issued guidance requiring companies to disclose "material" cyber attacks and related cost to shareholders, as well as any "relevant insurance coverage."[3]

Cyber insurance protects against the "twin risks" of data privacy and security.

A comprehensive cyber insurance policy should protect against the "twin risks" of data privacy and security, according to Emily Freeman, a cyber insurance broker. Cyber insurance should provide coverage for intellectual property theft, "the cost of lost business, notification costs, credit-monitoring services, public relations and legal and investigation expenses" as well as "class-action lawsuits, regulatory investigations, civil fines and even extortion demands."[4]

Despite past reluctance by some in the business world to address cyber and data threats with insurance coverage, Perlroth's article suggests that the cyber insurance market is on the verge of considerable growth.

There are no statistics on the size of the cyber insurance industry, but Peter Foster, a senior vice president at Willis North America, an insurance broker, estimates there may be $750 million worth of premiums placed. With the recent S.E.C. measure and the frequency and severity of cyber attacks growing, Mr. Foster predicts that figure could grow by 50 percent over the next 12 to 18 months.[5]

Julie Campbell at Live Insurance News agrees, indicating that 2012 will begin a massive expansion in cyber attack insurance.[6]

This year, the world watched as many corporations – even those that are reputed to have the strongest security systems in place – experienced massive data breaches that were so extensive that their final damage total has yet to be calculated.[7]

Earlier this year, one massive cyber attack showed that small-time hackers and identity thieves are not the only significant threat to information privacy and security.[8]

Approximately 48 chemical and defense companies in the U.S. were the targets of a large cyber attack earlier this year.

Symantec Corp., a leading data security firm, announced that "approximately 48 chemical and defense companies in the U.S. were the targets of a large cyber attack" in October. The attack was traced back to China and it "has been linked to industrial espionage, as the compromised information detailed chemicals, formulas and manufacturing processes used in military and industrial ventures."[9]