Will Cyber-Insurance Become the Norm?

cybercrimeCyber-Insurance to Become the Norm?

         Let this sink in, by 2019, the cost of cybercrime worldwide will be 2.1 trillion from Juniper research.  In 2012, The Wall Street Journal surmised that annual cost of cybercrime to the U.S. was around $100 billion.  Current estimates put the cybercrime costs in 2015 at $400 billion for U.S. businesses.  The main point to consider here is that the estimated cost of cybercrime quadrupled from 2012 to 2015.  This fact is why 2.1 trillion in 2019 doesn’t seem far off and “rapid digitization of consumers’ lives and enterprise records will increase the cost of data breaches to $2.1 trillion globally by 2019, increasing to almost four times the estimated cost of breaches in 2015.”  What are U.S. and enterprises around the world doing to mitigate this financially?  The answer might surprise you.

         The solution some companies are turning to is Cyber-Insurance.  Starting in the mid 90’s, the industry hasn’t had much traction because the lack of demand.  Only recently over the past few years have many large corporations begun looking into and acquiring this novel insurance.  But with any insurance types comes risks for the provider itself.  As of 2015, no insurance company will offer protection in an amount greater than $100 million.  This poses a very pointed problem for many companies.  Many of the larger attacks such as Target in 2013 and Sony in 2014, costs were much higher than $100 million with “the average cost of a data breach in 2020 will exceed $150 million,” per Juniper research.  

         This being said, as recently as September 2015, the company BitPay was the target of a advanced spearphishing attack and lost over 1.8 million dollars in the electronic currency Bitcoin.  Bitpay had a very sizable insurance premium on its company to protect from this very thing, however the insurance company denied the claim due to wording in the contract stating “We will pay for loss of or damage to “money,” “securities” and “other property” resulting directly from the use of any computer to fraudulently cause a transfer of that property from inside the “premises” or “banking premises”: a. To a person (other than a “messenger”) outside those “premises”; or b. To a place outside those “premises.”

         This shows the limit of Cyber-Insurance, however this doesn’t mean that it isn’t effective.  The growth of the cyber-insurance market however shows the increased need for this market and the willingness of corporations to utilize this solution.  Per the Wall Street Journalcybercrime, “global Cyber-Insurance market will reach $7.5 billion in annual sales by 2020, up from $2.5 billion this year.”

         So far the problem has really been the lack of companies actually willing to underwrite cyber-attacks.  So far only a small group of prominent insures offer it, AIG Inc., ACE Ltd., Chubb Corp., Zurich Insurance Co. Ltd., and Beazley Group Ltd., though even these companies are taking it slow.  Per Insurance Journal, “Demand for insurance covering cyber attacks is mounting and the risk is evolving rapidly, panelists noted. A number of U.S. insurers are testing the waters but panelists said that even the insurers with larger market shares have thus far been cautious due to the lack of actuarial data available in this nascent market. They have been writing policies with low limits and a slew of exclusions such as excluding damages resulting from data handled by an external contractor.”  The cybercrime economy will drive the threat, and as we’re seeing, will also drive the insurance premiums as well.

Here are some of our blog posts to read in the meantime:

Potential Amazon Password Leak
Top 5 Cybersecurity Threats in 2015
Top 5 Cybersecurity Myths that May Surprise You
Microsoft State of Security Address Experian (includes T-Mobile)
Trump Hotels
Tesla and Chrysler (unrelated to each other)
Apple App Store
U.S. Office of Personnel Management (OPM)
Kaspersky & FireEye (unrelated to each other)
Excellus Blue Cross Blue Shield
Ashley Madison
Ashley Madison (follow up)

Thanks for stopping by and reading our blog. We would appreciate if you could subscribe (assuming you like what you read; we think you will). This is meant to be informative and to provide value to anyone who reads this – regardless of their knowledge and/or understanding of IT/Cybersecurity. To learn more about us, check out our “About Us” page.

Be sure to subscribe to this blog and to our Podcast.


Wall Street Journal
Insurance Journal
Juniper Research
Network World
New York Times

If you have ANY Cybersecurity needs, please contact us and a member of our staff with promptly reply to your question or concern.

Enter your email address:

Delivered by FeedBurner

Subscribe to our mailing list

* indicates required

About Matthew Eliason

Matthew Eliason was born in Houston, Texas.  Upon graduating from high school, he joined the Navy.  His first tour was as an Information Systems Technician of a 130 client DOD network where he developed the documentation and maintenance procedures from 2007-2012.  In 2012, he transferred shore duty where he serves as a system and security administrator. He graduates with a Bachelor’s of Science in Information Technology from American Military University in November of 2015. He holds the CompTIA Security+ certification and has extensive experience in DOD Information Assurance (IA) and Cyber Security compliance and procedures.  He enjoys golf, hiking, watching football in his spare time.