WASHINGTON (Dec. 15, 2016) – Cyber vulnerability is a growing source of significant risk for both the public and private sectors that has prompted a market for insurance products capable of managing the overwhelming majority of cyber-attacks firms might face, according to a new policy study from the R Street Institute.

The study by R Street Senior Fellow Ian Adams finds the market is growing at a rate of 26 to 50 percent per year. The U.S. insurance industry collected $2.75 billion in cyber insurance premiums in 2015, a total that is expected to grow to $7.5 billion by 2020. Overall industry capacity is currently estimated to be about $500 million.

“Encouragingly, to date, policies with $50 million limits would be able to cover roughly 92 percent of cyber-event claims,” Adams writes.

However, the study acknowledges that some models place the likelihood of a major cyber event that causes between $250 billion and $1 trillion in damage at some point in the next decade to be between 10 and 20 percent. Given the potential for this sort of “black swan” event, some have proposed a government backstop or reinsurance facility to manage the nation’s cyber exposure.

Adams warns policymakers to be cautious about any plan that could dampen development of private solutions or displace private coverage, particularly given the tendency of government insurance programs to inculcate moral hazard, channel funds through inefficient and unpredictable processes, and unnecessarily delay recovery.

“What can be assessed for certain is that the cyber insurance market is growing rapidly and that it already has sufficient capacity to cover the overwhelming bulk of events the market already has faced,” Adams writes. “It is also the case that businesses report they are satisfied with their existing cyber coverages. Unlike in the case of terrorism in the early 2000s, there is no evidence that insureds are requesting coverage limits that insurers and/or reinsurers have been unable or unwilling to fulfill.”

Featured Publications