Cyber insuranceSurge in cyberattacks drives growth in cybersecurity insurance

More than 3,000 American businesses were hacked in 2013, many of them small and mid-size firms without cybersecurity insurance, according to the Center for Strategic and International Studies. That surge in cyberattacks has led to a growing cybersecurity industry, with firms offering products and solutions to secure network systems.

Insurance companies are also claiming their stake in the booming industry. Today, roughly fifty U.S. companies offer cybersecurity insurance. “Cyber-insurance is a rapidly growing new frontier for the insurance industry,” said Robert P. Hartwig, president of the Insurance Information Institute. “We’re seeing record interest in the product because it advertises itself each time you hear about another major cyber-breach.”

Last week, Ridge Insurance Solutions, founded by Tom Ridge, the first DHS chief, began offering cybersecurity insurance. The Washington, D.C.-based firm will offer insurance policies of up to $50 million, targeted at small to mid-size firms which specialize in financial services, retail, health-care, and energy. “These are companies that can’t afford the high-level, multi, multimillion-dollar security efforts that the larger corporate enterprises do,” Ridge told the Washington Post. “This is a (service) that is desperately needed even though it is in its infancy.”

The growth in total cyber-insurance premiums will be driven by technology firms, financial institutions, healthcare providers, and retailers. “All of those businesses have critical data that they need to insure against any kind of unauthorized disclosure of that data,” said Matt McCabe, senior vice president for network security and privacy at Marsh. “But we’re also seeing many other types of companies that are becoming more interested: Power and utilities are purchasing cyber; manufacturers are increasing numbers; life services companies — any company that focuses on logistics.”

An effective cyber-insurance policy can protect a policyholder from millions of dollars in losses. Executives at Target Co. estimate that last year’s data breach has cost the firm $146 million to date. Some firms are even beginning to hire public relations firms specializing in issues of data breaches. Supermarket chain Publixannounced last week its search for such a firm.

“This is one of those things we all take very seriously as an industry,” said Maria Brous, Publix’s director of media and community relations. “We have to be just as serious about the public relations aspect as about the security aspect.”

To protect their assets, at least 75 percent of businesses with more than $1 billion in annual revenue are expected to have cybersecurity insurance within the next few years. Betterley Risk Consultants reports that American businesses will spend up to $2 billion on cyber-insurance premiums this year, a 67 percent increase from the $1.2 billion spent in 2013. Four years ago, cyber-insurance premiums totaled just $600,000, still an increase from what companies spent on cyber-insurance in the 1990s, when only a few insurance providers offered cyber-protection. “We didn’t worry about breach response back then,” said Richard Betterley, president of Betterley Risk Consultants. “That wasn’t what they were trying to insure. They were trying to insure liability, theft of data, shutting down somebody’s Web site, things like that.”