cutimage - Fotolia

Cyber insurance set to grow as compliance pressure mounts

So far cyber insurance has yet to take off but that should change as the pressure to show data protection measures have been taken increases

Cyber security insurance is probably not something that the channel is pitching regularly as the market is still in its infancy but things are expected to change as a result of the need for firms to demonstrate compliance.

So far the idea of cyber insurance has been either sold as a bit of a gimmick, with one antivirus firm promising to payout on a claim if its software ever failed, or as something that would be considered by the major enterprises.

The potential market is expected to widen as more businesses take out some form of cyber insurance to protect themselves from the financial costs of an attack.

However for that to happen many more customers are going to have to get their own houses in order to show that they have not only understood the latest risks but are in a position to do their best to defend against them.

The pressure is on because of the push by various authorities to increase the focus on data protection and there is more coming with the EU Data Protection Act yet to kick in.

“There is a general trend towards tougher data protection regimes, backed with the threat of significant fines in the event of a breach," said Nigel Pearson, who is globally responsible for cyber insurance at Allianz Global Corporate & Specialty (AGCS).

The insurance firm has undertaken its own survey to gauge just what is happening in the market and has concluded that the global cyber insurance market is set to reach $20bn by 2025 and the pressure to increase security will continue to increase.

As a result of the growth of IoT as well as a move by cyber criminals to move beyond developing threats that target privacy and reputational areas of the business.

The sort of attacks that will increase include those designed to cause operational damage, business interupption or potentially catastrophic losses.

So far there haven't been too many examples of what a catasrophic attack but there are warnings that one could occur as a result of a breach of the core infrastructure or for a cloud service provider a major outage that brings the service down.

AGCS concluded that the best strategy is for all of the stakeholders in a business to understand the threats and come up with a strategy that includes strength and depth.

“As recently as 15 years ago, cyber-attacks were fairly rudimentary and typically the work of hacktivists, but with increasing interconnectivity, globalization and the commercialization of cyber-crime there has been an explosion in both frequency and severity of cyber-attacks,” said AGCS CEO Chris Fischer Hirs.

“Cyber insurance is no replacement for robust IT security but it creates a second line of defense to mitigate cyber incidents. AGCS is seeing increasing demand for these services, and we are committed to working with our clients to better understand and respond to growing cyber risk exposures," he added.

Currently the level of firms purchasing cyber insurance stands at below 10% but AGCS expects that to increase globally from the current value of $2bn to more than $20bn in the next ten years, delivering a compound annual growth rate of 20%.

The spending on insurance should increase as the awareness of the risks and the losses caused by business interruption climbs in customers.

There are signs that although users might not have got to grips with what the insurance business is offering them they have understood the need to increase security. The expectation of AGCS is that

Research from TechTarget querying IT buying decisions found that the money being put aside for security is increasing in the next 12 months as more customers start to understand the need for improved defences.

It follows on from the latest data breaches report in June from PwC stating that being attacked was now inevitable for any size of firm as the cyber criminals increased their range of potential targets.

Read more on Data Protection Services