The need to shield against cyberattack losses will contribute to growth in cyber insurance.

Cyber insurance market shows promise going into 2017

With 2016 coming to a close, businesses have begun taking stock of losses related to cyberattacks. Ransomware alone is expected to have cost businesses $1 billion by the end of the year. While an official value hasn't been attributed to total cybercrime-related losses for the year, it's a near certainly that 2016 will surpass 2015's staggering $3 trillion in cyberattack costs.

In response to these losses, experts predict that cyber liability insurance will continue to see growth through 2017 and beyond. 

A $7.5 billion market by 2020
According to PricewaterhouseCoopers, the value of annual gross written premiums for cyber insurance will be worth $7.5 billion by 2020, up from a relatively modest $2.5 billion in 2015.

There's little doubt that this expected increase is in response to the the evermore daunting cyberthreat landscape, which continues to hurt corporate margins. In 2016 in particular, the world witnessed multiple unprecedented cyberattacks, including:

  • Multiple hospitals being held ransom by crypto-malware. 
  • An $81 million digital bank heist (initial target was $900 million)
  • Internet-of-things-distributed denial-of-service attacks that affected industry titans such as Amazon, the New York Times and Netflix. 
  • The revelation of Yahoo's massive data beach. 
  • An estimated $1 billion in ransomware losses. 

The U.S. Department of Justice, the Internal Revenue Service and voter registration systems in several states also contended with cyberattacks in 2016.

As the damage caused by cyberthreats becomes more apparent, the incentive to shield assets against losses with cyber insurance will invariably be greater. 

Defining risk: The big challenge

"Cyber insurance will play a bigger role in 2017, but it's not without inherent challenges."

According to the Risk and Insurance Management Society, 80 percent of organizations had some form of cyber insurance in 2016. And while those on the front lines agree that cyber insurance will play a bigger, more important role in 2017, many also foresee inherent challenges. 

"It will certainly be more commonplace, but it's still a specialized market with difficulties assessing risk, particularly in the face of a changing cybersecurity attack landscape," Dr. Bruce Roberts, Chief Technology Officer at DomainTools told IT Pro Portal. "I'm just not sure we have enough data to inform an efficient, mature cyber-insurance marketplace."

Dr. Bruce is not alone in this thought, as PwC made specific mention of the challenges associated with developing risk profiles: 

"Part of the challenge is that cyber risk isn't like any other risk insurers and reinsurers have ever had to underwrite," PwC wrote. "There is limited publicly available data on the scale and financial impact of attacks.

That said, PwC hardly sees this as an insurmountable hurdle that will stunt forward momentum of the market, as it added, "We believe there are eight ways insurers, reinsurers and brokers could put cyber insurance on a more sustainable footing and take advantage of the opportunities for profitable growth." These include the implementation of smarter data analytics, rolling policy updates that can be amended in real time, conditional coverage, and partnerships with agencies that can share data and expertise to enhance policy development. 

At the very least, this gives cyber insurance carriers something to work toward in 2017.