Cyber crimes have been dominating our politics, our finances andour national security.


Not a day goes by without news of another cyber attack, hacking scheme or massive databreach. They range in scale from simple identity theft of creditcard numbers or online passwords to the recent WannaCry attack byNorth Korean hackers that disrupted computer systems in Englishhospitals, Chinese universities and German railways.


According to the Identity Theft Resource Center, U.S. companiesand government agencies suffered a record 1,093 data breaches lastyear, a 40% increase from 2015.


The CEO of IBM Corp. has ominously identified cyber crime as"the greatest threat to every profession, every industry, everycompany in the world," while the CEO of Lloyd's estimated thatcyber attacks cost businesses as much as $400 billion per year.Meanwhile, the new enforcement directors at the U.S. Securities andExchange Commission recently warned that hacking crimes are thegreat threats to our financial markets. Even President Donald Trumphas acknowledged cyber theft as "the fastest growing crime in theUnited States.

Obstacles facing insurers & consumers

How can companies and consumers protect themselves and managethis increasing threat? Insurance has traditionally been aprincipal tool for mitigating risk. Yet, while worldwide spendingon cyber security products rose to a record $73.7billion in 2016, only 29% of U.S. businesses have purchased cyberinsurance.


Moreover, cyber insurance accounted for only a small fraction —between $1.5 billion to $3 billion — of the $505.8 billiongenerated in premiums by U.S. insurers. The reasons behind thestruggling cyber insurance market are myriad and traceable toobstacles facing both insurers and consumers. A recent report bythe Deloitte Center for Financial Services attempted to identifythe barriers affecting growth in this promising line ofinsurance.
From the insurers' standpoint, the lack of historical data on cyberlosses significantly inhibits their ability to build predictivemodels and properly assess cyber risk. Simply put, cyber insurancehas not been sold for long enough to develop suitable markettrends.

Vast majority of cyber crimes go unreported

The U.S. government does not maintain a centralized databasecataloging cyber attacks. Moreover, because of the sensitive natureof cyber crimes, the vast majority go unreported. With insufficientdata, insurers are loath to offer comprehensive coverage.

In addition, cyber attacks continue to evolve in scope andsophistication. Like terrorism, cyber attacks can occur at anytime, any place, and to anyone. With an unpredictable and changingunderlying exposure, insurers cannot anticipate and mitigateagainst these cyber risks.

Because of these obstacles confronting insurers, consumers face anuneven and expensive market for cyber insurance products. Insurersoffer a patchwork of various coverages, often with minimal limitsand nonstandardized language. Moreover, many companies erroneouslyassume that their general or professional liability policies covercyber risks. Errors and omissions policies, however, typically donot cover cyber thefts and hacking schemes that trick employeesinto issuing payments or divulging confidential and proprietaryinformation.

While commercial crime policies may cover the theft itself, they donot account for other cyber-related expenses like forensics, creditmonitoring, crisis management, and reputational risks. Yet,standalone cyber policies lack standardized language within theindustry. Differing terminology from insurer to insurer inhibits abuyer's ability to compare coverage and pricing. This also affectsclaims management and coverage disputes, as courts have not beenable to interpret and enforce uniform cyber insurance provisions toprovide clarity to both insurers and insureds.

Steps to wide-ranging coverage

Despite these hurdles to a thriving cyber insurance market,Deloitte offered several concrete steps to facilitate access towide-ranging coverage that is both simple and affordable. Asfrequent targets of hackers, insurers can draw on their owncybersecurity experiences to develop more accurate predictivemodels.


Following the lead of U.S. intelligence agencies, insurers couldalso partner with IT professionals and former hackers in order tounderstand the scope and nature of cyber losses. Alternatively,insurers could issue more specialized cyber products tailored tospecific types of exposure such as data breaches or specific areasof technology in order to better assess their risks on a smaller,more manageable scale. Furthermore, insurers could provideall-inclusive cyber risk management services and post-loss recoverysupport with their insurance products. This will benefit consumersand businesses by helping prevent cyber incidents from occurringand ultimately lowering premiums, while also decreasing lossfrequency for insurers and bolstering account retention.


In the next decade, the proliferation of driverless cars andride-sharing will likely hurt the insurance industry's mostprofitable line of business, auto coverage. Moreover, automationand the changing nature of the nation's labor force will inevitablyaffect another large line, workers' compensation. Accordingly,cyber insurance is one of the few promising areas for long-termgrowth.


With an ever-increasing spotlight on cyber crimes and hacking,consumer interest in insurance products to protect against thoserisks will only intensify. If the insurance industry does notbecome a more reliable provider of comprehensive and affordablecyber coverage, insurers will be left behind as businesses seekalternative methods of managing risk.

Complete your profile to continue reading and get FREE access to BenefitsPRO, part of your ALM digital membership.

  • Critical BenefitsPRO information including cutting edge post-reform success strategies, access to educational webcasts and videos, resources from industry leaders, and informative Newsletters.
  • Exclusive discounts on ALM, BenefitsPRO magazine and events
  • Access to other award-winning ALM websites including and

© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.