The cyber insurance gap is “disproportionately high” amid an imbalance in cyber risk awareness, capacity and protection, according to a new survey by Munich Re.
The 2022 Global Cyber Risk and Insurance Survey comprises 7,000 participants from 14 countries, across various industries and company sizes.
The survey report estimates that global cyber insurance premiums stood at US$9.2 billion at the beginning of 2022, with projections to reach approximately $22 billion by 2025.
Data from Munich Re demonstrates that, on a global level, cyberattacks have increased year-on-year as a result of digitalisation, exacerbated by the COVID-19 pandemic, and particularly within the IT, finance and telecommunications sectors. Respondents identified online fraud (46 per cent), data theft (43 per cent) and ransomware (28 per cent) as the most common types of attack that had affected their business.
Despite possessing the highest prevention capabilities and IT budgets, 60 per cent of large corporations (organisations with more than $5 billion in sales) were heavily affected by ransomware or a cyberattack causing fraud or breach of data.
Munich Re notes that the awareness of managers on cyber risk (beyond incidents affecting their own company) has risen by nearly 10 per cent compared to the 2021 survey — however, the perception of the commercial cyber threat landscape and how best to address it still varies greatly by region.
Globally, a massive 83 per cent of C-level respondents say their own organisation is not adequately protected against cyber threats.
Respondents say the main challenges in improving cyber resilience in their company include low security awareness among employees, lack of skilled personnel, poor interoperability of security solutions, and a lack of collaboration between individual departments.
Despite this, Munich Re notes a 21 per cent increase in the number of companies that have purchased cyber insurance — particularly in the IT, healthcare and finance sectors, which are generally the most affected by cyberattacks.
A further 35 per cent of surveyed decision makers say they are considering purchasing cyber insurance as an essential part of their risk management programme.
However, Munich Re’s survey also found that the insurance industry is lacking in promoting awareness about the security solutions and protection available; 33 per cent say they have never been offered cyber insurance by their insurer, while 20 per cent actively decided against cyber insurance or did not consider insurance protection at all.
For the latter, 29 per cent of respondents said this was because the price of coverage was too high. Other factors included a lack of understanding about the product, and a perceiving the scope of coverage as insufficient.
The report says: “The business potential for the insurance industry remains extremely high in the cyber line of business. However, the results of our study show that the insurance industry must become even more active in sales and explanation.”
Munich Re concludes by emphasising that building cyber resilience requires insurers to explain the importance and availability of such measures for cyber risk exposure. Although recognising pricing challenges, such as a lack of historical data and inconsistent attack reporting obligations, the report underlines the importance of leveraging any available data to reshape cyber risk assessment and better explain the modelling of cyber risks to insureds.
Captive Insurance Times recently published a feature examining how the evolution of cyber risk has led to more companies considering captives to close coverage gaps left by the expensive commercial market.