Companies are uncertain of how much coverage to acquire and whether their current policies provide them with protection. One of the roots of the uncertainty stems from the difficulty in quantifying potential losses because of the dearth of historical data for actuaries and underwriters to model cyber-related losses. Furthermore, traditional general liability policies do not always cover cyber risk. In the United States, ISO's revisions to its general liability policy form consist primarily of a mandatory exclusion of coverage for personal and advertising injury claims arising from the access or disclosure of confidential information.
Marsh estimates the US cyber insurance market was worth USD1 billion in gross written premiums in 2013 and could reach as much as USD2 billion this year. The European market is currently a fraction of that, at around USD150 million. Estimates see the European market reaching a size of EUR700 million to EUR 900 million by 2018. The European cyber coverage market could get a big boost from draft European Union (EU) data protection rules in the works that would force companies to disclose breaches of customer data to them.
Though still very much in its infancy, the market's potential is vast with cyber-crime costing the global economy about USD445 billion every year, according to an estimate published in June 2014 from the Washington-based Center for Strategic and International Studies.(1) While many companies have in the past counted on their general commercial liability policies for coverage, they are increasingly taking out standalone contracts.
Interest in cyber insurance continues to increase, according to the recent Marsh benchmarking trends report on cyber insurance. The report found that the number of the firm's clients who sought to purchase this type of coverage increased by 21 percent from 2012 to 2013. Media reports of serious data breaches have undoubtedly prompted more companies to buy cyber coverage of USD100 million or more compared to the prior year.
Since traditional insurance products often do not cover damages resulting from an incident like a computer breach, specific cyber liability insurance may be necessary. Carriers have been adapting their policies to include a variety of loss prevention and risk mitigation tools, ranging from turnkey breach response teams to pre-emptive risk analytics.
Note:
1. Center for Strategic and International Studies, Net Losses: Estimating the Global Cost of Cybercrime, Economic Impact of Cybercrime II, June 2014, Page 6.