Blog Img

Cyber risks: the impact on the US insurance market

Back to Blogs

Businesses across every industry rely heavily on digital communication, cloud computing and the online storage of confidential data. Although this increased use of digital and remote solutions has unlocked a number of benefits, particularly around improved data accuracy and greater service innovation, it also opens businesses up to cyber risk.

Statista reports that according to Chief Information Security Officers (CISO) “three in four companies in the United States were at risk of a material cyberattack [in 2023, and] the number of cyberattacks [has increased] in recent years, amounting to 480 thousand in 2022” (Statista: The impact of cybercrime on companies in the US). Furthermore, the cost to the US economy is worrying, with researchers expecting it to reach around $452 billion by the end of 2024.

Consequences for businesses are severe, with attacks impacting business stock price and leading to reputational damage. Cyber incident’s also directly impact a company’s resource resulting in increased costs and revenue loss. In 2022 “the global average cost of a data breach [averaged] $9.44 million in the US” (Harvard Business Review: The devastating business impacts of a cyber breach). These consequences limit a company’s ability to maintain its market position and attract customers and investors.

US businesses are significantly under-insured

Research suggests that most businesses are under-insured and under-prepared for emerging cyber risks, putting them at a concerning high risk of attack. The frequency and magnitude of these risks and their impacts are evolving due to the tools and capabilities now accessible in the digital world. Munich Re state in their 2024 cyber risks report that “87% of global decision makers say their company is currently not adequately protected against cyber-attacks” (Munich Re: Cyber insurance, risks and trends).

Last year saw a 65% increase in overall cyber claims reported in the US year on year (Aon: U.S. Cyber Insurance, market trends and opportunities). There are three common types of cyber-attack which are becoming a daily occurrence for businesses; ransomware, data breaches, and artificial intelligence and machine learning-driven cyber-attacks.

Ransomware

Ransomware is set to become even more competitive and sophisticated across dark web markets. The U.S. deputy national security adviser for cyber has stated ransomware is “wreaking havoc around the world” (The Record: White House official says insurance companies must stop funding ransomware payments).

There was a 214% increase in ransomware activity in Q4 2023 year on year, with cyber insurance reports suggesting this has increased again in 2024 (Munich Re: Cyber insurance, risks and trends). The practice will not only fuel crimes such as fraud along with propelling the cyber-crime eco-system, it will also damage reputation, financial stability, and custom for businesses.

Data breaches

Despite privacy regulation being set to cover three quarters of consumer data, a large 60% of all regulated entities will struggle to fulfill obligations to intensify data protection and privacy requirements, due to the high rates of data growth (Munich Re: Cyber insurance, risks and trends). This data growth is driven by an increased reliance on technology, leaving businesses in a position where a percentage of their data will be left vulnerable to breaches and other cyber-crimes.

Artificial Intelligence driven cyber attacks

Cyber criminals use AI and machine learning to compromise digital security, these are known as AI-driven cyberattacks. In this instance cybercriminals train sophisticated robots to socially engineer targets at unprecedented speed and scale. Hackers are able to use AI to analyze and test strategies enhancing their likelihood of access. Technology specialists predict that these types of attack will only grow as AI methodology advances and use of machine learning becomes more readily available.

Challenges for insurers

The global cyber insurance market has reached a size of $14 billion in 2023 and is estimated to increase to around $29 billion by 2027. Insurers face major challenges given the dynamic evolution of cyber risks and the speed at which hackers are able to operate. Statista forecasts that the annual global cost of cybercrime will reach $13.8 trillion by 2028, a significant increase from 2023 figures that neared $8.15 trillion (Munich Re: Cyber insurance, risks and trends). Though the industry has proven its resilience to economic and social advancements throughout history, the rapid rate and scope of cyber threats are significantly difficult to tackle in a still maturing market.

How insurers can better manage cyber risk

Insurers play a key role in strengthening cyber resilience, supporting clients to predict vulnerabilities and mitigate risks.

The US national cybersecurity strategy relies heavily on private sector support by urging businesses to play their part in safeguarding the digital world. Rise in digital practices do increase cyber threats but it is important to remember that even the most advanced artificial intelligence data breaches and phishing scenarios will still involve a human element in approximately 90% of incidents (Forrester: The future is now, introducing human risk management). By understanding associated risks and staying ahead of developments, insurers are better equipped to quantify and price for better cyber protection.

Aside from risk transfers and federal backstops, below are three key areas insurers should consider when dealing with building better cybersecurity eco-systems:

  • Risk management through collaboration – Insurers should seek to understand how current and future changes alongside different insurance policies work together to create security and resilience. Be proactive and engage with experts and knowledgeable industry professionals to consistently stay ahead with new information.

  • Stay ahead of AI driven attacks – Consider how regulations, machine-learning, and AI are being used for and against businesses by assessing the internal threat on a case-by-case basis. Interact with industry experts who understand advances in AI driven cyber-attacks, can offer solutions and find hidden risks.

  • Communicate and educate – Engage with colleagues and customers alike with relevant information on how to avoid cyber risks. Provide actionable advice to customers on the communications and processes they should expect from you along with common fraudulent tactics.

Access our Artificial Intelligence workplace trends report to understand more around AI and its associated risks and benefits for the insurance world. Looking to speak to an expert about business growth, your hiring strategy, or roles in the industry? Get in touch with one of our specialist consultants.

Sources

Aon: U.S. Cyber Insurance, market trends and opportunities
Forrester: The future is now, introducing human risk management
Harvard Business Review: The devastating business impacts of a cyber breach
KPMG: Seizing the cyber insurance opportunity
Lawfare: If cyber is uninsurable the United States has a major strategy problem
Marsh: Ransomware, a persistent challenge
Munich Re: Cyber insurance, risks and trends)
Statista: The impact of cybercrime on companies in the US
The Record: White House official says insurance companies must stop funding ransomware payments