According to reports by Fitch Ratings and A.M. Best, P/C insurers wrote USD 1.35 billion in direct written premium for cyber insurance in 2016, a 35% jump from 2015. On the other hand, as a recent A.M.Best study shoes, in the cyber risks area there is a transition from "packaging" cyber risks as additional cluases to P/C insurance contracts into stand-alone. For example, in the top five US cyber risks providers, "81% of their coverages are based on stand-alone. Of the entire USD 1.3 billion, we see 68% in stand-alone and 32% in packaged," a trend which only confirms the increased relevance of the ciber risks.
The increasing demand for cyber insurance is a direct consequence of the growing cyber threat driven by the rapid and extensive digitalization which , beyond revolutionising business models, it is also "making the global economy more vulnerable to cyber-attacks." As a recent "Counting the cost - cyber exposure decoded" report produced by Lloyd's in cooperation with Cyence shows, "the economic and insurance consequences of cyber-crime are increasing. In 2016, cyber-attacks were estimated to cost businesses as much as USD 450 billion a year globally. Insurers are already helping policyholders manage these events, but in order to successfully do so and also capitalize on the opportunities that this fast developing line brings to their own business, they need to have a better understanding of the risks involved and the possible aggregation of losses depending on the events' scenarios.
This is in fact the main challenge with cyber risks, as digitalization is evolving at a high pace and the "landscape" is fast chaging posing new challenges. Analyzing different potential scenarios to quantify the wide variety of damages that can occur as a result of a cyber event, the report's findings suggest "economic losses from cyber events have the potential to be as large as those caused by major hurricanes. Insurers could benefit from thinking about cyber cover in these terms and make explicit allowance for aggregating cyber-related catastrophes. To achieve this, data collection and quality is important, especially as cyber risks are constantly changing." In fact, as Lloyd's research founded out, an extreme cyber attack may cause losse of about USD 53 billion, which means as much as the superstorm Sandy, for which total losses are estimated to USD 50 - 70 billion. Of this total sum, depending of the event's nature (cloud service disruption, mass vulnerability etc.), only 7 to 17% is currently covered by insurance, the report shows.