The cyber insurance market is booming. Seems like everyone wants to get a policy to transfer risk. And why not? Insurance is a useful risk management tool in so many other situations: General liability, property damage, errors and omissions, etc. The question on everyone’s mind is: How much for a cyber policy?
How big is the market getting? According to David Bradford, co-founder and chief strategy officer at Advisens, an advisor to the insurance industry:
The market for cyber insurance in 2015 was $2.5 billion. For 2020 it’s estimated anywhere between $5 billion and $10 billion. By comparison, workers’ compensation insurance is a $55 billion market.
Bradford says this is roughly what you can expect to pay for a year of coverage:
- For companies with less than $500 million in revenue, policies with limits of between $1 million and $5 million cost between $2,000 and $5,000.
- For companies with more than $500 million in revenue, for a policy with limits of $5 million to $20 million, premiums will range from $100,000 to $500,000.
There’s a big caveat, though: Even though about 60 companies are writing cyber insurance policies today, in my experience many are making it up as they go along. Terms, conditions, coverages, exclusions, and risk assessments are all over the place. Unlike a commercial fire policy, there’s almost no standardization.
Insurance companies aren’t even in agreement about what factors indicate a decreased risk of policy holder filing a claim. And that can translate to higher (or lower) premiums than required to cover the risks. At this point, it’s reasonable to wonder if your claim will be paid at all. The litigation over cyber coverages is just getting started.
If you want to go forward with buying a policy, get yourself a reliable broker and get ready to do some serious comparative shopping. Buyer beware!