March 30, 2016
Commercial Cyber-Security Insurance
OLR Report 2016-R-0008 explains commercial cyber-security insurance, which typically covers a business' losses from a cyber-attack or loss of digital records containing personally identifiable information. It includes coverage for legal fees and court judgments, business interruption, cyber-extortion, and data loss, among other risks.
A report from Allianz estimates the cyber-security market could reach $20 billion in annual premiums by 2025, and the cyber-security insurance industry is predicted to triple in size to $7.5 billion by 2020, according to a 2015 PricewaterhouseCoopers report. Nonetheless, the federal Department of Homeland Security's National Protection and Programs Directorate suggests the private cyber-security insurance market faces significant obstacles to growth, including the lack of actuarial data and the unpredictability of the cyber-sector.
According to the Insurance Department, cyber-security insurance appears to be purchased primarily by large businesses. Small businesses are less likely to purchase cyber insurance or have preventive measures in place. As a result, they may be increasingly targeted for cyber-attacks and are less likely than large businesses to survive such an attack. A study by the National Cyber Security Alliance found that 60% of small businesses close within six months following a cyber-attack.
For more information, read the full report here.