Why cyber insurance grew in popularity in 2015

Why cyber insurance grew in popularity in 2015

by Dr. Grigorios Fragkos, VP Cybersecurity

The Cyber Liability Insurance Cover (CLIC) or otherwise referred to as cyber insurance, is a market that grew significantly in 2015. One of the main factors that significantly contributed to this growth is the constant increase of threats in the cyber space and more specifically the high profile data breaches that took place during the past few years.


As a result of these data breaches, companies were taken to court and were forced to cover, not only the losses, but also  the extra costs for the data breaches as well. In most cases, these additional costs included crisis management, legal costs, reputational damages, engaging in identity theft resolution, credit and fraud monitoring and further technical costs as well.


The potential threat of a breach and the inevitable consequences, has established not only a need but also a demand for a cyber insurance market. This has also been highlighted by a cyber survey conducted by RIMS. The survey showed that 74 percent of companies without Cyber insurance will purchasing it within the next two years.


Likewise, by 2025 the total annual premiums for stand-alone cyber insurance are projected to grow to $20 billion.


Even though cyber liability insurance cover has been around for almost ten years, most security professionals are not familiar with the subject or do not know it even exists. Until recently, many professionals in the information security community used to say that you have either been breached, or you just do not know it yet.


Webpage URL

Find out more about our Cyber Security and Compliance Solutions

Request a Callback

Until now, cyber insurance has been most successful in countries where the risk transfer option is essential due to breach notification laws. In the UK, the notification of breaches is deemed mandatory by the EU Data Protection Regulation.


However, the regulation is expected to be formally adopted by the European Parliament and Council within the next six months and the new rules will become applicable within the next two years. On the other hand, the US already have mandatory requirements for data breach notification in forty-seven states, the District of Columbia, Guam, Puerto Rico and the Virgin Islands.


Cyber insurance may overlap with cover of existing products an organisation may already have in place, such as business continuity plans. Keep in mind that a decent cyber insurance policy will ensure that cyber risks are fully covered and will extend to describe a broad range of information security related tools, processes and services. Briefly, a Cyber insurance policy should include:


  • Data breach and crisis management cover. This may include expenses for managing the incident, the investigation and computer forensics cost, the remediation phase, legal costs, identity theft resolution, credit and fraud monitoring, court attendance, data subject notification costs and regulatory fines.
  • Extortion and financial losses due to fraud. This may include any losses due to a threat of extortion and/or financial losses due to fraud, which should include professional fees related to dealing with the extortion.
  • Third-party damages. This may include the cost of data theft that belongs to third-parties and intellectual property rights infringement, other damages due to a “denial of access” and any third-party systems being affected.


At the moment, cyber insurance policies can be found with a $100 million limit. However, large policy holders are expected to be able to obtain maximum limits between $350 million and $400 million. In 2015 there was a spike in the cost of cyber insurance renewals for Point-of-Sale retailers and large health care companies.


The talent gap, especially with expertise in both insurance underwriting and cyber security is affecting both the number of cyber insurance carriers in the market and the cost of obtaining a cyber insurance plan. Despite the additional cost in the yearly budget, it is expected that the option of purchasing cyber insurance as a risk mitigation tactic will start to become a prioritised item in the annual bucket list.


The costs of a potential breach has made cyber insurance way more attractive for a large number of businesses.


Even though a cyber insurance plan is capable of mitigating the risk of a data breach, it is most effective when the Cyber Security of data, products, systems and services is taken equally seriously.


Cyber insurance needs to be seen as an enabler for protecting an organisation in case of a data breach when it can prove that it took all necessary steps to ensure the cyber security of its infrastructure and acted in due diligence.


Like this Article?

Subscribe to receive more tips & news about Cyber Security, Compliance and a lot more!

  • Sysnet Global Solutions will use the information you provide on this form to be in touch with you regarding non-promotional as well as promotional material by email and phone. If you agree to same, then please select the ‘I consent’ box after reading the terms and conditions listed below in relation to consent. You can change your mind at any time by clicking the unsubscribe link in the footer of any email you receive from us, update your preferences for communications, content etc. by clicking on the update my preferences button in any email we send you or by contacting us at marketing@sysnetgs.com We will treat your information with respect. For more information about our privacy practices please visit our website. By clicking below, you agree that we may process your information in accordance with these terms. We use Pardot as our marketing automation platform. By clicking below to submit this form, you acknowledge or agree that the information you provide will be transferred to Pardot for processing in accordance with their Privacy Policy and Terms