Cyber insurance: strengthening resilience for the digital transformation

The cyber risk landscape is rapidly evolving and cyber attacks have increased. However, most businesses and households are uninsured or significantly under-insured. Cyber insurance premiums amount to just a fraction of total losses from cyber attacks, with estimates putting the protection gap at 90%. There is much work to do to ensure sufficient risk protection is available to make society more resilient to cyber risk, and this effort will require collaboration between businesses, the insurance industry and government.

A first requirement is to improve data quality and modelling for more accurate pricing. Cyber risks are difficult to quantify due to a lack of standardised data and modelling constraints, and also because of the high degree of uncertainty around expected losses and potential for loss accumulation. Future risks are typically inferred based on backward-looking data, but this approach is of limited value in the rapidly changing environment of cyber risk. Re/insurers must also invest in the cyber workforce, to help strengthen the actuarial, technical and forensic skills needed for the underwriting and claims management cycles.

Second, re/insurers should update policy language for clarity and consistency, with more standardisation around exclusion clauses and terms and conditions. Exposures to hard-to-insure systemic risk scenarios remain a barrier for industry capacity. Stakeholders have taken steps to fix some of these issues, but factors such as attribution of cyber events remain a core problem. Clarifying the scope of coverage can lead to increased cyber capacity.

Finally, there is scope for new types of public-private risk sharing mechanisms. A public-private partnership insurance scheme where coverage of systemic risks such as threats to critical infrastructure is split between insurers and a government(s)-backed fund, is one option. Another is to tap into alternative capital, such as by developing a market for cyber-insurance-linked securities.


Expertise Publication Cyber insurance: strengthening resilience for the digital transformation



Find further cyber related content

​Advancing the societal benefits of digitalisation

The combination of increasing computing power and vast volumes of data advances the ability to detect, mitigate and even predict risks. But it must be coupled with trust and ethics to be truly effective.