Rapid growth aside the cyber insurance market remains “frustratingly immature”, according to our CEO, Inga Beale. Despite huge potential, the cyber insurance market has not developed as much as it should have in the past twenty years, she told delegates at the Organisation for Economic Cooperation and Development (OECD) conference in Paris yesterday.

“In 2016, the stand-alone cyber market reached an estimated $3.5 billion in written premiums…many analysts suggest that this figure will double over the next two years, largely driven by EU regulation on Data Protection,” Beale told delegates at the conference, organised in collaboration with Marsh.

Nevertheless, over the past two decades, the cyber insurance market has failed to live up to expectations, she said. “Evidence of the market’s immaturity can be seen in the relatively low take up of cyber insurance. Whereas many businesses have property insurance, only about 20-35% have specific cyber insurance in the US and Europe.”

This is despite an increased awareness of the risks and the fact that public and private organisations are “ripe to attack”. The “Wannacry” ransomware crisis of 2017 infected 200,000 computers across 150 countries, for example.

Referring to barriers that have blocked the development of the market, Beale highlighted how premiums remain high compared to other classes of insurance. In some cases cyber insurance is up to six times more expensive than property insurance.

Some buyers may be confused over the types of cover available, said the Lloyd’s CEO, while certain policies still don’t cover important losses – like loss of value of intellectual property.

On the underwriting side, difficulties in detecting and pricing the risk, combined with the potential for large losses is forcing some insurers to tread carefully. Meanwhile, the fast changing cyber risk landscape puts pressure on underwriters to ensure they have products that cover new threats, said Beale. This is something the market is tackling head on.

Insurers will “need to take positive and decisive action” to cope with these demands. The market should prioritise co-operation and engagement to better understand the exposures it faces and ultimately improve the products it provides.

“Cyber risk is so complex that we need to be working together, pooling resources and data where possible to come up with solutions that are based on the latest and best information available,” she said.

Summing up the partnership approach, Beale concluded: “The onus is not just on insurers to take action. Governments and public bodies such as the OECD can play an important role too, especially around data. Customers are looking for evidence that insurers will pay out on cyber claims before they purchase. More information on the frequency and impact of cyber-attacks and losses would help inform underwriting.”

The market will only realise this opportunity said Beale if it invests for the future and all parties work together to “build better cyber resilience”.

 Find out about Lloyd's cyber solutions on our dedicated cyber web pages.