Commercial Cyber-Security Insurance

OLR Report 2016-R-0008 explains commercial cyber-security insurance, which typically covers a business' losses from a cyber-attack or loss of digital records containing personally identifiable information.  It includes coverage for legal fees and court judgments, business interruption, cyber-extortion, and data loss, among other risks.

A report from Allianz estimates the cyber-security market could reach $20 billion in annual premiums by 2025, and the cyber-security insurance industry is predicted to triple in size to $7.5 billion by 2020, according to a 2015 PricewaterhouseCoopers report.  Nonetheless, the federal Department of Homeland Security's National Protection and Programs Directorate suggests the private cyber-security insurance market faces significant obstacles to growth, including the lack of actuarial data and the unpredictability of the cyber-sector.

According to the Insurance Department, cyber-security insurance appears to be purchased primarily by large businesses.  Small businesses are less likely to purchase cyber insurance or have preventive measures in place.  As a result, they may be increasingly targeted for cyber-attacks and are less likely than large businesses to survive such an attack.  A study by the National Cyber Security Alliance found that 60% of small businesses close within six months following a cyber-attack.

For more information, read the full report here.