How Big Is Cyber Risk?
Cyber risk is costing the global economy $445 billion annually, $108 billion of which comes from the U.S., according to a new report.
The report from insurer Allianz Global Corporate & Specialty also predicts cyber insurance premiums will grow globally from $2 billion per year today to more than $20 billion over the next decade.
“Cyber risk is now a major threat to businesses,” Allianz said in the report. “Companies increasingly face new exposures, including first-and third party damage, business interruption and regulatory consequences.”
AGCS said the problem has become severe only in the last 15 years, though it has a particularly severe impact on the world’s top economies. Out of the $445 billion annual global cost, $200 billion-plus of that number comes from the world’s largest economies – the U.S., China, Japan and Germany. The top 10 global economies account for more than 50 percent of cyber crime costs, according to the report.
AGCS said that cyber risk remains the most underestimated by businesses. But as companies increase their awareness there remains rapid growth potential in the area for property/casualty insurance carriers.
But as premiums grow, carriers must adapt to counter the cyber risks as they evolve and change. AGCS said that cyber risks of the future will become more complex than they are now. Corporate data breaches and privacy concerns drew much of the initial attention, but future cyber issues will stem from intellectual property theft, cyber extortion, and the impact of business interruption after a cyber attack, AGCS noted.
“Within the next five to 10 years, [business interruption] will be seen as a key risk and major element of the cyber insurance landscape,” said Paul Schiavone, AGCS regional head of financial lines in North America, in prepared remarks.
Some recommendations from the report:
- Businesses need to spot key vulnerable assets and also address areas such as employee vulnerabilities.
- Businesses should create a cyber security culture.
- M&A activity and changes in corporate structures can impact cyber security and the holding of third party data.
- Cyber coverage must evolve to become both broader and deeper. Such policies should address business interruption and close gaps between traditional coverage and cyber policies.
- Cyber exclusions in P/C policies should become more common. But standalone cyber insurance will keep evolving as the main source of comprehensive cover, addressing demand from industries including telecommunications, retail, energy and transport sectors.