How big is the cyber insurance market?



Cyber insurance is the industry underdog that is rapidly gaining traction. Since 2017, Fitch Ratings estimates gross written premiums in this area have more than doubled with an annual growth rate of 22%. 


Despite its fast expansion, cyber insurance remains a relatively small business line in property and casualty insurance in the US, representing around 1% of direct written premiums. Fitch Ratings estimates 50% of the market is dominated by just five companies. Chubb Limited, AXA XL, and the American International Group are the top three in that space. Even though the market is dominated by these legacy organisations, start-ups specialising in the cyber insurance space have gained the attention of investors. At-Bay raised $185 million in Series D funding in July, Coalition Inc raised $175 million in March, while Corvus Insurance raised $100 million in the same month.


These large investment rounds signal that investors believe cyber insurance has the potential to be lucrative because its CAGR of 24.3% is estimated to make the industry swell from $7.8 billion in 2020 to $20 billion in 2025. Moreover, the following trends indicates a growing demand for protection against cyber attacks:


  • The take up rate of cyber policies grew from 26% in 2016 to 47% in 2020. 


  • Cyber insurance direct written premiums for the property/casualty industry rose by 22% in 2020 to $2.7 billion. Businesses wanted protection against hacks, ransomware, and data theft as more people shifted to remote work during the COVID-19 pandemic. 


  • There is growing interest in standalone cyber insurance coverage. GWP for this specialised form of coverage grew by 29% between 2019 and 2020 as businesses demanded more clarity in coverage, and protection from a rise in network intrusions, data breaches, and ransomware incidents during the pandemic.

In order to tap into rising interest in standalone cyber coverage, insurers need the agility to synthesise and analyse data in real time to determine if protection should be given to losses arising from various types of cyber incident losses. These include costs arising from data destruction and/or theft, extortion demands, hacking, denial of service attacks, crisis management activity related to data breaches, and legal claims for defamation, fraud, and privacy violations. 


The ability to cater to these situations will gain traction as the broad technological trends of our time i.e. cloud computing, 5G, and data analytics are here to stay. In other words, cyber risk will continue to exist and evolve so companies need help managing that risk.


By requiring a level of security as a precondition of coverage, businesses will be encouraged to adopt better security practices to receive lower insurance rates. This helps companies internalize the benefits of good security, which in turn leads to greater investment and improvements in cyber security. 


To find out how PolicyDock can be your partner in cyber insurance, contact us here.


Related content: