While the difficulty to quantify cyber risk is evident, organizations are becoming increasingly interested in purchasing cyber insurance. The cyber liability insurance market is predicted to grow from $2 billion in 2014 to $7.5 billion by 2020. A developing area of interest is the investment in captive coverage for unusual cyber incidents. For example, companies in the manufacturing industry have developed captive coverage for bodily injury and property damage resulting from a cyber breach. Other organizations are turning to captives for more common instances of cybercrime such as reputational damage and business interruption.
At the June Bermuda Captive Conference, Peter Mullen, CEO of captive and insurance management at Aon Global Risk Consulting in Pembroke, Bermuda, explained that while only 40 percent of survey respondents purchased cyber insurance, the “intimidating task of understanding the risk” keeps many companies interested cyber captives or purchasing traditional commercial cyber insurance. Mullen also noted that although only a dozen of 1,110 clients had put cyber risk in their captives 18 months ago, the number has risen to more than two dozen as of last December. He also said that many clients were even purchasing excess coverage and reinsurance due to the unpredictable nature of cyber risk.