Premium Protection

Dr Florian Kerschbaum, the executive director of the Waterloo Cybersecurity and Privacy Institute in Canada, has been observing the cyber insurance market since the late 1990s.

More recently, his personal experiences, not just his academic work, have indicated to him the possible need that both individuals and businesses may have for cyber insurance.

“I’ve been offered identify fraud insurance by a whole bunch of insurers which would be targeting the individual,” says Dr Kerschbaum, an associate professor at the University of Waterloo, where the institute he directs is based.

“And I know a local doctor in the town who’s been hacked. Their general liability insurance in this case covered cyber security and they were covering the costs of [fixing] the system so I think particularly the small [businesses] are the ones who should take out cyber insurance.”

Dr Kerschbaum’s experiences hint at a wider trend: as cyber threats appear to grow, cyber insurance is becoming ever more important and the sector is expanding fast, in contrast to earlier years, when it often failed to meet growth forecasts. The increased profile of the sector has been noticed by others.

“I’ve been dealing for the last two years with SMEs [small and medium-sized enterprises]. At the start of 2016, very few had even heard of cyber insurance. Today, a majority of SMEs have implemented it in some level. That might be very, very low level, but they’ve got some support,” says Jake Moore, a cybersecurity specialist with the UK-based internet security and anti-virus company ESET.

Statistics back this up. The cyber insurance market was worth $4.2 billion in 2017, according to Indian-based Zion Market Research, approximately a tenfold increase on a decade earlier. The overwhelming majority of coverage was in the United States.