Hackers may learn to develop even more dangerous tools after attacks such as the WannaCry virus in May and the Petya attack that wreaked havoc in Europe in June by freezing access to computers, allowing the attackers to demand ransom to unlock the systems. Those events didn't result in meaningful insurance claims because they didn't affect many companies in the US, where currently more than 90 per cent of the cyber insurance market is located, Newman said.
CFC underwrites approximately $100 million of cyber-insurance premiums, making it one of Europe's biggest sellers of the product, and has sold the coverage since 2000.
As a Lloyd's of London-backed managing general agent, the company underwrites on behalf of other insurers. The global market for cyber insurance grew to about $3.4 billion in premiums last year and could rise to between $8.5 billion and $10 billion by 2020, reinsurer Munich Re estimates. CFC saw its premiums in the market climb by more than 60 percent last year and Newman expects to match that this year.
"Sooner or later we, will see a billion-dollar cyber claim and the insurance market is well positioned to absorb that," said Thomas Seidl, an analyst at Sanford C. Bernstein in London. "Everybody has exposure to cyber risks and the best precaution can't eliminate that, so there is a strong demand for insurance making cyber coverage by far the biggest opportunity for non-life insurers for the next years."
The largest cyber writers are American International Group, XL Group, and Chubb, according to a report by Fitch Ratings. The companies had a combined market share of approximately 40 per cent at the end of last year and "over 130 distinct insurance organizations reported writing cyber premiums for the year."
Low claims, combined with more companies entering the market, mean that prices for cyber coverage have been falling globally. They are down about 10 per cent in the US and about 20 per cent in the international market this year, according to CFC's Newman.
"It's still a market where supply by far exceeds demand," he said. "There is no break in supply with new insurers entering the market."
With cyber coverage growing rapidly and insurers increasingly seeing the segment as their next blockbuster, regulators are concerned that the industry could be taken by surprise.
Insurers writing cyber policies "are expected to introduce measures that reduce the unintended exposure to this risk," the UK's Prudential Regulation Authority said in a statement on Wednesday. It said insurers may face payouts from computer related claims from less specific policies such as general liability or property insurance.
"Although we have not yet seen large insurance losses, recent near misses highlight the large systemic potential of malware in a connected world," said Marta Abramska, associate director in PricewaterhouseCoopers's cyber insurance practice. "The regulator expects insurers to fully understand their exposure."
In the US, the largest insurers offering cyber coverage are already adjusting their business by shifting away from packaged to standalone policies, which represented 70 per cent of direct premiums written in the US last year, according to a June 26 report by ratings firm A.M. Best.
