Surge in cyber insurance market fuelled by regulatory shifts and global tensions: Morningstar DBRS

Surge in cyber insurance market fuelled by regulatory shifts and global tensions: Morningstar DBRS

Morningstar DBRS, a global credit rating agency, emphasises that cyber insurance is rapidly growing and essential in the digital age, projected to soar to $40 billion by decade’s end amidst rising cyber threats and stringent data regulations.

Surge in cyber insurance market fuelled by regulatory shifts and global tensions: Morningstar DBRSMorningstar DBRS highlights that Cyber insurance is a relatively new type of insurance designed to protect against the financial impacts of cyber-attacks and hacking threats.

Coverage often includes losses from business interruptions, third-party system failures, destruction of digital assets, data recovery and system restoration costs, system failures, cyber extortion, ransomware, remediation expenses, and data privacy liability.

As reliance on digital technologies grows, demand for cyber insurance has surged, making it the fastest-growing segment in the insurance industry over the past decade.

Despite some slowdown in price increases in North America and Europe, the global cyber insurance market is projected to reach around $29 billion in gross premiums by 2027 and nearly $40 billion by the end of the decade.

Register for the Artemis ILS Asia 2024 conference

This demand is driven by the increasing frequency and sophistication of cyber-attacks, stricter data protection regulations, geopolitical tensions, and state-sponsored attacks.

As organisations increasingly integrate digital technologies, the demand for robust cyber insurance solutions is set to rise.

Insurers are expanding their offerings to include risk management and cybersecurity best practices, such as cybersecurity assessments and employee training, to help businesses strengthen their defences against cyber threats.

The future of the cyber insurance market will be shaped by technological advancements, regulatory changes, and innovative insurance products.

Insurers will continue to refine their underwriting models and pricing strategies to effectively manage cyber risk, ensuring the market remains adaptable and resilient.

Regulations will be a significant driver of cyber insurance demand. Governments are implementing new standards to enhance cybersecurity and protect personal data, requiring businesses to comply to avoid penalties and reputational harm.

Laws like GDPR, CCPA, and NIS 2 increase the need for businesses to protect data, driving further demand for cyber insurance.

Entities such as governments, financial institutions, and healthcare organisations, which handle large amounts of sensitive data, are prime targets for cyberattacks.

For example, Banco Santander SA recently experienced a cyber-attack that exposed client and employee information. To comply with US regulations, Santander offers cyber insurance to its US employees through a policy with American International Group, underscoring the growing reliance on insurance to mitigate cyber risks.

Insurance and reinsurance companies face significant challenges in the cyber insurance market, including risk quantification, pricing, accumulation modelling, state-sponsored activities, regulatory changes, and low penetration rates among small and medium enterprises.

The rapid adoption of technologies like artificial intelligence (AI), machine learning (ML), and IoT introduces new vulnerabilities, increasing the risk of cyberattacks.

Cyber risks are dynamic and influenced by human behaviour, technological advances, and geopolitical events, making it difficult for insurers to accurately predict and price these risks.

This uncertainty can lead to catastrophic losses. For instance, the 2017 NotPetya attack caused over $10 billion in damages globally, leading to complex litigation as insurers argued the attack was an act of war, which is typically excluded from coverage.

In response to such incidents, insurers like Lloyd’s of London have tightened policies to exclude cyber losses from war or hostile acts.

However, attributing cyber-attacks to state actors is challenging, and legal outcomes may not favour insurers. A large-scale cyber-attack affecting multiple sectors simultaneously could result in significant accumulated losses, threatening the financial stability of insurers and reinsurers.

To manage this risk, insurance companies closely monitor and limit their cyber exposure. Regulators are increasingly focused on the systemic risks posed by cyber insurance and its broader implications for the financial sector.

Print Friendly, PDF & Email