Cybersecurity Insurance is Missing the Risk

First published by HelpNetSecurity — Matthew Rosenquist

Cybersecurity insurance is a rapidly growing market, swelling from approximately $13B in 2022 to an estimated $84B in 2030 (26% CAGR), but insurers are struggling with quantifying the potential risks of offering this type of insurance.

The traditional actuary models do not apply well to an environment where highly motivated, creative, and intelligent attackers are dynamically pursuing actions that cause insurable events. Accurate estimation of losses is key to determining customer premiums. But even after two decades, there’s a wide range of loss ratios between insurers (-0.5% to 130.6%). The underwriting processes are not robust enough to properly estimate the losses and accurately price reasonable premiums.

Why is the insurance industry struggling with this?

The problem is with the nature of the threat. Cyber attackers escalate and adapt quickly, which undermines the historical-based models that insurance companies rely on. Attackers are continually shifting their maneuvers that identify victims, cause increasing loss, and rapidly shift to new areas of impact.

Denial of service attacks were once popular but were superseded by data breaches, which cause much more damage…