U.S. Cyber Insurance Market Demonstrates Growth, Innovation in Wake of High Profile Data Breaches

I.I.I. White Paper Examines Cyber Security Landscape; How Insurers Assess and Underwrite New Risks


New York Press Office: (212) 346-5500; media@iii.org


NEW YORK, October 21, 2015 —U.S. businesses spent more than $2 billion for cyber insurance last year as interest in this coverage grew dramatically following numerous high profile data breaches, according to the Insurance Information Institute (I.I.I.). 


“More than 60 carriers offer stand-alone cyber insurance policies, and Marsh, a major insurance broker, estimates the U.S. cyber insurance market was worth over $2 billion in gross written premiums in 2014, with some estimates suggesting that figure has the potential to triple by 2020, growing to $7.5 billion,” stated Dr. Robert Hartwig, president of the I.I.I. and an economist. Hartwig co-authored the I.I.I.’s newly released white paper, Cyber Risk: Threat and Opportunity, along with Claire Wilkinson, who writes the I.I.I.’s award-winning Terms + Conditions blog.


The white paper examines where the cyber threats are coming from—from foreign governments and criminal enterprises to disgruntled employees—and how U.S. businesses can protect themselves from the substantial economic fallout of a data breach. The paper also surveys the rapidly evolving market for cyber insurance, including pricing and limits purchased.


“A proliferation of high profile cyberattacks and data breaches ensures that businesses, governments, law enforcement, cyber security experts and consumers around the world are paying close attention to the risk of cyberspace and developing a corresponding response,” Dr. Hartwig said.


Indeed, “Cyber Crime, Information Technology (IT) failure, espionage” climbed to number five on Allianz’s Top 10 Global Business Risks for 2015. It had ranked at number eight in 2014, the same year 783 data breaches were reported by U.S. businesses, most of them medical/healthcare organizations, according to the Identity Theft Resource Center.


The I.I.I. found that today’s stand-alone cyber insurance policies typically feature the following coverages:


Liability—Covers the costs (e.g., legal fees, court judgements) incurred after a cyberattack, such as data theft, or the unintentional transmission of a computer virus to another party, causing them financial harm.


Crisis Management—Covers the cost of notifying consumers about a data breach that resulted in the release of private information, and providing them with credit monitoring services, as well as the cost of retaining a public relations firm, or launching an advertising campaign to rebuild a company’s reputation.


Directors & Officers (D&O)/Management Liability—Covers the cyber liability risks faced individually by a company’s key decision makers while acting on behalf of the company.


Business Interruption--Covers loss of income due to an attack on a company’s network that limits its ability to conduct business.


Cyber Extortion—Covers the “settlement” of an extortion threat against a company’s network, as well as the cost of hiring a security firm to track down the blackmailers.


Loss/Corruption of Data—Covers damage to, or destruction of, valuable information assets as a result of “viruses, malicious code and Trojan horses,” the white paper states.


Reporters interested in interviewing an I.I.I. cyber insurance subject matter expert can contact Michael Barry, vice president, Media Relations, I.I.I., at 212-346-5542 or michaelb@iii.org.




The I.I.I. has a full library of educational videos on its You Tube Channel. Information about I.I.I. mobile apps can be found here.



Insurance Information Institute, 110 William Street, New York, NY 10038; (212) 346-5500; www.iii.org

Back to top