Insurance companies have been offering insurance covers for losses occurring due to natural calamities. However, the rise of technology has made them dive into a different area of the manmade calamities: Cyberattacks. The recent data breaches have made insurance companies to provide cover for losses occurring due to cyberattacks. The coordinated cyber attacks have been increasing. The massive data breach in Yahoo and Equifax have affected millions of accounts, causing a huge uproar in the boardroom of both companies. Moreover, attack on local energy distribution firms in Ukraine, breach of the health insurance provider Anthem Inc., and attack on the White House’s unclassified network were among recent examples that grew concerns regarding the cyberattacks.
Companies have become cautious and acquiring insurance in case cyberattacks occur. The cyber insurance industry is expected to generate $ 29175.9 million in revenue by 2025, growing at a CAGR of 28% from 2016 to 2022, according to Progressive Markets, a research firm. Rise in awareness about cyber risk is among the major reasons for the growth.
The big market players such as AIG and Chubb began offering cyber policies since late 1990s. Now, more than 80 companies sell cyber policies, most of which are focused on data breaches. The recent massive data breaches have convinced top executives to opt for cyber insurance. As the technology advanced, the number of different cyber attacks increased. It has become irksome for cyber insurers to design their policies which would prevent them from undergoing losses. They have been trying to devise a structure to price their new cybersecurity policies. Organizations have began viewing cybersecurity as risk instead of IT problem. They have been thinking about how much risk they are able to keep.
The cyber threats are constantly evolving and becoming complex with advancement of technology. The challenge is how to determine how much losses will be incurred if cyberattack takes place. Determining the worst-case scenario have become difficult. In October 2016, a group of cybercriminals carried out a cyber attack in which they launched a denial of service attack in which millions of the U.S. citizens could not access Spotify, Netflix, and Amazon for hours. However, it is difficult to determine the losses to these companies due to this cyberattack. In a rough estimate, this attack costed all companies more than a billion dollars. According to Cyence, the four-hour outage of S3 cloud storage system of Amazon, which was not included in the attack resulted in the loss of at least $150 million S&P 500 companies.
Quantifying cyber attacks would take some time as its complexity is ever-increasing. Moreover, when hackers will know the new defenses, they will change their ways to steal information and carry out other activities. Companies need to employ cyber experts and analysts to form a structure of policies to avoid themselves from undergoing catastrophic losses.