Direct written premiums for cyber insurance worldwide are projected to reach $23 billion by 2025, with U.S. businesses accounting for 56% of the total, according to a new report by the Insurance Information Institute (Triple-I). The report, titled "Cyber Insurance: State of the Risk," highlights two primary factors driving this trend.

The first factor is the ever-present threat of data breaches and cyberattacks. With the increasing reliance on Internet of Things (IoT) technologies, the expansion of remote work, and the greater use of cloud data storage, U.S. businesses are facing broader exposure to these risks.

The second factor is the improvement in policy coverage and exclusions by insurers. This has helped risk managers better understand the value of cyber insurance and has enabled insurers to manage costs and maintain rate stability. Triple-I's report emphasizes that purchasing cyber insurance as a standalone policy can significantly lower the cost to a business in the event of a data breach or cyberattack involving sensitive information.

"In 2023, the average data breach cost for organizations climbed higher than ever, to $4.45 million," stated Triple-I's report, citing IBM's Annual Data Breach Report. This represents a 15% increase over 2020 and a 2.3% increase over 2022.

The global cyber insurance market has experienced significant growth in recent years. According to the Swiss Re Institute, the market tripled in volume from 2017 to 2022, with worldwide direct written premiums estimated at $13 billion. The National Association of Insurance Commissioners (NAIC) and the U.S. Homeland Security Department's Cybersecurity and Infrastructure Security Agency (CISA) have taken notice of this trend, especially considering that more than half of these premiums are paid by U.S. businesses.

To keep up with the evolving risks, insurers are adopting a more sophisticated approach to underwriting and strengthening policy wording and exclusions. However, Triple-I's report highlights the need for more robust data on cyberattacks and breaches to effectively predict and manage liability.

As businesses continue to face the growing threat of cyber risks, cyber insurance is becoming an essential part of a robust business strategy. It provides coverage for legal fees, repairing digital infrastructure, restoring clients' personal information, and recovering proprietary data. With the cyber insurance market projected to grow dramatically in the coming years, businesses must carefully consider their risk exposure and ensure they have adequate coverage to mitigate potential financial losses.

Source: Insurance Information Institute's (Triple-I) Issues Brief