According to Orbis research the cyber insurance market is expected to reach $17.55bn by 2023. Ten, fifteen, years’ ago this wasn’t an industry that existed. Such are the times we live in that there is now money to be made, and lost, on cyber security insurance.
And times are tough. Breaches that register terrabytes are starting to become common place and companies report continuous prolonged attacks, day in day out. 20% have experienced attacks daily, a fifth weekly and a third monthly. What’s more some 57% of companies have reported a data breach as a result of attacks in the last year. That’s hard to swallow in a GDPR world.
But it’s not surprising when you learn that in Europe, two thirds of companies believe their networks are susceptible to attack. It’s a natural state and although companies are spending somewhere between 30 and 40% of the security budgets on new forms of AI solutions, they rely heavily on their security vendor and, unfortunately for some, manual troubleshooting to keep them safe.
Is it any wonder then that they are turning to insurance? Especially given half of attacks cost between $500,000 and $10m, and the average attack represents $4.6m in losses and around £100,000 to win customers back after a breach.
Yet the current Mondelez case highlights that cyber insurance could leave companies with a false sense of coverage. When NotPetya struck it caused hundreds of millions of dollars’ worth of damage. But it was deemed an “act of war” instead of just a cyber attack and therefore not eligible for a pay out, under the ‘war exclusion’ clause.
Looking at the market as a whole, these types of clauses, in effect protect the insurer from highly destructive global attacks. And with nation state attacks become more prevalent and highly effective in stealing both Intellectual

View Entire Article on