The market for digital financial protection continues to rise, with more than $1 billion USD in cyber-insurance premiums written in 2015, according to Fitch Ratings. American International Group (AIG), Chubb Limited, and XL Group led the way in terms of cyber-insurance premium volume, issuing 22%, 12%, and 11% of the market, respectively.
Insurance broker giant Marsh & McLennan Companies has been even more bullish on the market than Fitch’s large sums suggest. It estimated that the global insurance market wrote some $2 billion USD in cyber-insurance premiums in 2014 — and believes that figure grow to nearly $10 billion USD by 2020.
Others believe that the sky is the limit, although the big-three rating agency suggests that digging into the data to get an accurate assessment of the market’s future potential is difficult. “Industry estimates suggest that the global cyber-insurance business could increase to $20 billion by 2020,” said Jack Auden, managing director at Fitch Ratings. “But the lack of information on cyber-insurance is a challenge for insurance companies, policyholders, regulators, and investors to evaluate and price risk.”
Auden added that “challenges in isolating cyber-related premiums and exposures from other risks within a package policy creates limitations in analyzing the supplemental filing as total cyber-insurance premiums are likely understated.”
The financial sector has proven to be particularly vulnerable to cyber-attacks, with a recent study by network security firm RSA Security ranking it as one of the industries least prepared. “Cybersecurity research provides tangible evidence that organizations of all sizes, in all industries, and from all geographies feel unprepared for the threats they are facing,” said RSA President Amit Yoran.
According to Fitch’s report, “Cyber-Insurance Market Share and Performance,” the property/casualty industry’s direct loss ratio for standalone cyber business was 65.2% in 2015.
The ratings agency does note, however, that “the nature of the new supplemental data filing leads to more limited information regarding underwriting results from cyber business, as information is provided solely on a direct basis and does not include information for incurred losses net of reinsurance and underwriting expenses.”