Cyber insurance: a growing industry now necessary for businesses

In a world where security breaches and cyber attacks have increased in recent years, businesses are looking for new ways to defend themselves.

As a result, cyber insurance has become a popular method of protection, with the industry growing around 20 per cent year over year and the potential to be a $20 billion marketplace in the next five years, according to UK-based specialist insurance company, Beazley plc.

“There’s been a groundswell of cyber insurance being purchased over the last five years, but it’s been around for quite some time,” Bob Wice, US focus group leader for technology, media and businesses services at Beazley, tells IT World Canada. “Of course, every large breach or attack on a global level drives more buyers into the market, and with that happening more frequently, cyber insurance coverage has become fairly robust.”

But what exactly is cyber insurance? As Wice explains, it began as a way to fill the gaps in traditional insurance policies back in the 1990’s when the Internet developed into a business and consumer medium.

“All the traditional kinds of insurance coverage never talked about computer viruses, cyber extortion threats, hacking activity, or malicious code, and it became obvious pretty quickly that a new line of coverage and policy would need to be constructed to fill those gaps,” he explains. “But as all industries, it started off niche, and remained very narrow for years.”

He says that for much of the early 2000’s, companies that experienced security breaches believed they were the sole victims. But that notion transformed in 2005 when California – and later, 44 other states – enacted a law saying if there’s a suspicion of an unauthorized disclosure of Californian residents’ personal information, the organization entrusted with that information needs to notify its customers who may have been affected.

“This legislation change essentially put companies in the position where, if their security and privacy controls failed, they would be subject to real costs and real penalties,” Wice points out. “Companies were required to figure out what happened and what the cause of the breach was, which meant they needed technical experts to come investigate, as well as legal experts to determine how to move forward. And on top of all of that, they also had to start offering customers something from a crisis management standpoint that was more than just ‘hey, we messed up, sorry, won’t happen again.’”

He continues to say that by recognizing customers were in a vulnerable position because of their security breach, and the costs associated with that, companies began demanding a special kind of insurance for this exposure and risk.

“Here at Beazley, for example, our cyber insurance is a service that puts a breached company in a position to mitigate their loss and save their image, because the importance of responding to a breach in a concerted, informed, and transparent way is critical to a company’s reputation,” Wice adds. “We offer a package that connects companies to a suite of legal, technical, financial, and crisis management experts that, before the insurance, a company would have been scrambling to find at a time of panic and disarray.”

The original cyber insurance policies targeted the middle market, such as retailers, schools, the hospitality sector, and healthcare organizations, which generally had no experience responding to security breaches or the resources to deal with one, but that soon expanded. Now, the market is worth approximately $2 to $3 billion in revenue with more than 40 different providers of cyber-specific insurance across North America, and that number continues to grow as opportunities for its use continue to rise.

“Cyber insurance products and services have become mainstream as so many industries get hit hard by breaches. After Target was hit in December 2013, there was a groundswell of brick and mortar retailers buying coverage to protect their point of sale credit card processing devices. Then Sony was breached in 2014, which made a lot of big tech corporations nervous, and Ashley Madison in 2015, which resonated with a lot of digital-first businesses,” Wice highlights.

And with the most recent global ransomware WannaCry threatening everything from the UK’s National Health Service to FedEx, which resulted in “significant business interruptions and downtime,” companies both large and small are now looking at cyber insurance “as a less-than-optional purchase.”

“Modern viruses and ransomware really puts companies in a position where if they don’t pay or figure out how to overcome the attack, they risk losing data, which would mean they can’t conduct business the way they normally would. All of this has resulted in cyber insurance being a growth area for the insurance business, as well as an opportunity for insurance companies to really build a new line of coverage that’s been really not seen before,” Wice concludes.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Mandy Kovacs
Mandy Kovacs
Mandy is a lineup editor at CTV News. A former staffer at IT World Canada, she's now contributing as a part-time podcast host on Hashtag Trending. She is a Carleton University journalism graduate with extensive experience in the B2B market. When not writing about tech, you can find her active on Twitter following political news and sports, and preparing for her future as a cat lady.

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now