The cyber insurance market will triple in size to $7.5 billion in annual premiums by 2020 but the high cost of coverage and restrictive conditions on policies may restrict growth, according to a new PwC survey.
PwC said businesses across all sectors are beginning to recognize the importance of cyber insurance, with 61% of corporate leaders now seeing cyber attacks as a threat to the growth of their business. There was an average of 200,000 global cyber security incidents a day in 2014.
The market is still relatively untapped. While some 90% of cyber insurance is purchased by U.S. companies,only around a third of U.S. companies have some form of cyber coverage. In the United Kingdom, for example, only 2% of companies have standalone cyber insurance.
“There is no doubt that cyber insurance offers considerable opportunities for revenue growth,” PwC said.
The report warns, however, that “many clients are starting to question the real value these policies offer, which may restrict market growth.”
Many insurers, PwC noted, are setting limits below the levels sought by their clients (the maximum is $500 million, though most large companies have difficulty securing more than $300 million). Policies, moreover, commonly require state-of-the-art data encryption or 100% updated security patch clauses, which may be difficult for a business to maintain.
If the insurance industry doesn’t develop attractive products fast enough, PwC said, it could face competition from “disruptors” such as Google. “I can see Google being very creative,” Paul Delbridge, insurance partner at PwC, told Reuters.
A separate report last week from German insurer Allianz said the cyber insurance market could grow to $20 billion by 2025. “There is a general trend toward tougher data protection regimes, backed with the threat of significant fines in the event of a breach,” an Allianz spokesman said.
Cyber insurance policies are designed to help companies meet costs including mounting forensic investigations and defending lawsuits. However, the head of the largest Lloyd’s of London insurer has called for governments to cover the risks of cyber attacks, saying the potential liabilities are too large for insurers to cover.