Cyber risks - expected to develop fast driven by the increasing interconnectivity of business

24 September 2015 — Daniela GHETU
"The cyber insurance market is currently estimated to be worth around USD 2 billion in premium worldwide, with US business accounting for approximately 90%. Fewer than 10% of companies are thought to purchase cyber insurance today. However, the cyber insurance market is expected to grow by double-digit figures year-on-year and could reach USD 20 billion+ in the next 10 years," states the recent study released by ALLIANZ, "A Guide to Cyber Risk: Managing The Impact of Increasing Interconnectivity".

According the the German's group analysis, the estimated annual cost beard by the global economy from cyber crime amounts to USD 445 billion, of which over USD 200 billion represent the share belonging to the four world's largest economies - the US, China, Japan and Germany. The top 10 economies account for approximately 50%+ of cyber-crime costs

As the past experiences show, the vulnerability of industrial control systems to attack already poses a significant threat, but the effects could be much more dramatic considering the eventuality of cyber attacks over security sensitive facilities such as nuclear power plants, laboratories, water suppliers or large hospitals.

"Sectors holding large volumes of personal data, such as healthcare and retail, or those relying on digitalized technology processes, such as manufacturing and telecommunications, are most likely to buy cyber insurance at present,' the study says. However, the system's interconnectivity extends the area of concern also towards financial institutions and the energy, utilities and transport sectors. Simply said, no business is completely imune to the cyber risks.

Beside possible business interuption (BI) from a cyber incident, data privacy and protection is one of the main cyber risks and related legislation is already toughening opening the way for more sanctions for data breaches. "Legislation has already become much tougher in the US, Hong Kong, Singapore and Australia, while the European Union is looking to agree pan-European data protection rules. Tougher guidelines on a country-by-country basis can be expected."

With a skyrocketing number of detected cyber-attacks during 2014 - up 48% at roughly, 117,339 incidents per day - the increasing trend is already more than evident, requiring a serious consideration. In this context, although it is not a replacement for good cyber security, the insurance industry may play a significant role in transferring cyber risks, providing protection should the worst happen.

According the ALLIANZ study, the Top 5 trends in cyber insurance are:
  • Exclusions in traditional policies will become more commonplace. Standalone cyber product to be the main source of liability cover
  • Cyber concept and wordings will be tested, potentially resulting in litigation
  • Cyber insurance market needs volume and diversification. More segmentation in future with insurers specializing in certain sectors
  • Lack of education is an obstacle to growth - both in terms of businesses' understanding of exposures and underwriting knowledge
  • In the event of a cyber security incident a speedy response and use of third party experts can mitigate losses
The standalone cyber insurance market will continue to evolve but development will bring challenges, with many concepts and wordings yet to be tested, potentially resulting in litigation. This is not unusual with new products and can improve risk knowledge.

Education - both in terms of businesses' understanding of exposures and underwriting knowledge - must improve if insurers are to meet growing demand. Other challenges exist around pricing, modeling of risk aggregation and incidents resulting in physical damage, concludes the study.

The full ALLIANZ study is available at