Cyber insurance: more firms seek protection from hackers

Jan 16, 2014

'Significant growth' in cyber insurance sales amid rising security breaches such as attack on Target

AFP/Getty Images

AN INCREASING number of companies are buying cyber insurance to protect themselves from hackers, according to AIG, one of the largest insurers in the United States.

AIG reported "significant growth" with sales of anti-hacking policies jumping 30 per cent last year compared with 2012.

Cyber attacks are believed to be on the rise globally. High-profile incidents include a massive data breach at US retail giant Target last month, which exposed the credit and debit card details of around 70 million customers.

However, the market for cyber insurance policies remains "a patchwork of highly-customised policies dominated by a few big insurance providers", says the Financial Times.

"It's an immature market," says Karl Schimmeck, vice president of financial services operations at Sifma, an industry group for financial companies that last year spearheaded a simulation of a cyber attack on Wall Street. "The risks are not very well understood. There's not a lot of historical information that insurance companies can call on to quantify their risk. That's part of the problem."

According to Computer Weekly, cyber insurance tends to cover areas such as the costs of managing a cyber attack, legal expenses, regulatory fines and third party damages.

Last year, a report from Betterley Risk Consultants estimated that the annual gross written premium for US cyber insurance policies was $1.3bn, while credit checking firm Experian said that only 31 per cent of US companies had cyber insurance policies. Many companies remain reluctant to pay for protection because they fear it might not cover the full fallout, says the FT.

The US government is hoping to encourage growth in the market to ensure more companies protect themselves from the financial impact of cyber attacks.

Meanwhile, the UK government is expected to warn companies later today of the increased risk of cyber attacks when conducting mergers and acquisitions, due to sharing information between participants electronically.

Sign up for our daily newsletter