Insurability of Cyber Risk

Insurability of Cyber Risk by Christian Biener, Martin Eling and Jan Hendrik Wirfs

Christian Biener, Martin Eling and Jan Hendrik Wirfs provide a definition and market overview of cyber risk, and discuss its insurability to shed light on the causes of insufficient cyber insurance market development.

Introduction

Every reported incident of data breach or system failure resulting in high financial or reputational loss increases decision-maker awareness that current insurance policies do not adequately cover cyber risks. There are many examples of the high economic and social relevance of cyber risk such as the recent NSA, Sony, or LGT data breaches. Recently, the G20 group denoted cyber attacks as a threat to the global economy - an assessment that is not surprising considering that expected annual losses from cyber risk are estimated between US$300bn and US$1tn, whereas the respective 10 -year average for catastrophic losses is only US$200bn.3 Insurance is seen as one possibility for managing cyber risk exposure. The market, however, lags behind the expectations for this potentially huge new line of business with penetration levels estimated between 6 per cent and 10 per cent of companies. In our analysis, we discuss the adequacy of insurance solutions to manage cyber risk.