The Cyber Insurance market is very puny compared to the other lines of Insurance. Despite a considerable spate of data breaches and a phenomenal increase in cybercrimes in recent years, cyber insurance does not appear to have grown proportionately, and multiple factors deter its growth. At the same time, some drivers propelling its growth remain too. While cyber-related losses are projected to exceed a few trillion USD, cyber insurance premiums languish around a few billion USD only. This paper aims to review the previously undertaken studies on cyber insurance markets and identify the key factors deterring and propelling growth. Using the Fuzzy TOPSIS method, one of the widely used methods for ranking alternatives, the authors rank the drivers in priority, which can help remove the barriers impeding the cyber insurance market growth. In addition, the authors discuss how such drivers can be implemented, learning lessons from other lines of insurance to support cyber insurance market growth. The authors conclude by stating the limitations of this study and suggesting further areas for future research.
This is a preview of subscription content, access via your institution.
Buy single article
Instant access to the full article PDF.
Price excludes VAT (USA)
Tax calculation will be finalised during checkout.
Not applicable since the data supporting the findings of this study are available within the article.
Heading S, Zahidi S. The Global Risks Report 2023 18th Edition. World Eco- nomic Forum, 2023.
Statista. Estimate cost from cybersecurity Worldwide 2017–2028 (in trillion US dollars). 2023. Available: https://www.statista.com/statistics/1280009/cost-cybercrime-worldwide/.
Morgan S. Top 10 Cybersecurity Predictions and Statistics for 2023," Cybersecurity Ventures, Dec 10 2022. Available: https://cybersecurityventures.com/top-5-cybersecurity-facts-figures-predictions-and-statistics-for-2021-to-2025/. (Accessed 15 05 2023).
Ponemon Institute and IBM Security. Cost of a Data Breach Report 2022. IBM Corporation; 2022.
Boehme R and Schwartz G. Modeling cyber-insurance: towards a unifying framework. 2010. https://www1.icsi.berkeley.edu/pubs/networking/model-ingcyber10.pdf. (Accessed 18 09 2022).
Kreuzer M, von dem Knesebeck A. Munich Re global cyber risk and insurance survey 2022. Münchner Rückversicherungs-Gesellschaft, 2022.
Catlin T, Kampshoff P, Hensley R, McElhaney D. Connected revolution: the future of US auto insurance. McKinsey & Company; 2022.
Agrawal V, Balasubramanian R, Bernard P-I, Cook KC, de Nayves HC, Gestal A, Kotanko B. Global Insurance Report 2023: reimagining life insurance. McKinsey & Company; 2022.
Advisen and Zurich Insurance Group. Information security and cyber risk management. Advisen and Zurich Insurance Group; 2022.
Woods D, Agrafiotis I, Nurse JRC, Creese S. Mapping the coverage of security controls in cyber insurance proposal forms. J Internet Serv Appl. 2017. https://doi.org/10.1186/s13174-017-0059-y.
ENISA. Cyber insurance: recent advances, good practices and challenges. European Union Agency for Network and Information Security; 2016.
Lloyd's Market Association. Cargo clauses page. Lloyd's Market Association, 2008. https://www.lmalloyds.com/lma/underwriting/marine/JCC/JCC_Clauses_Project/Cargo_Clauses.aspx. (Accessed 17 09 2022).
Kim T. Warren buffett: cybersecurity risk ‘is uncharted territory. It’s going to get worse, not better’. CNBC, 05 05 2018. https://www.cnbc.com/2018/05/05/warren-buffett-cybersecurity-risk-isuncharted-territory-its-going-to-get-worse-not-better.html. (Accessed 17 09 2022).
Logan T. The time for cyber insurance: coverage improves supply chain resiliency rapporteur summary of FDD-lockton companies tabletop exercise. Foundation for Defense of Democracies (FDD), 2020.
Sullivan J and Nurse JRC. Cyber security incentives and the role of cyber insurance. Royal United Services Institute for Defence and Security Studies, 2020.
Lloyd's List Intelligence. Transparent and actionable Maritime data. Maritime Insights & Intelligence Limited. https://www.lloydslistintelligence.com/about-us/our-data. (Accessed 17 09 2022).
United States Government Accountability Office. Insurers and policyholders face challenges in an evolving market. United States Government Accountability Office; 2021.
Deloitte Center for Financial Services. Overcoming Challenges to cyber insurance growth. Deloitte Insights, 2020.
ENISA, Neil Robinson, RAND Europe. Incentives and barriers of the cyber insurance market in Europe. European Network and Information Security Agency, 2012.
Marsh & Microsoft. 2019 Global cyber risk perception survey. Marsh McLennan Insights, 2019.
National Association of Insurance Commissioners (NAIC). Cyber supplement report 2022 for data year 2021. NAIC; 2022.
National Association of Insurance Commissioners (NAIC). Report on the cybersecurity insurance market. NAIC; 2021.
Arunachalam TL. Interviewee, what ails cyber insurance? 2022.
Biden JR, Jr., Remarks by President Biden on the colonial pipeline incident. US Embassy & Consulates in the United Kingdom, 2021. https://uk.usembassy.gov/remarks-by-president-biden-on-the-colonial-pipeline-incident/. (Accessed 17 09 2022).
Smith KT, Smith LM, Burger M, Boyle ES. Cyber terrorism cases and stock market valuation effects. Inf Comput Secur. 2023. https://doi.org/10.1108/ics-09-2022-0147.
United States Department of the Treasury. Terrorism Risk Insurance Program. US Department of the Treasury. https://home.treasury.gov/policy-issues/financial-markets-financial-institutions-and-fiscal-service/federal-insurance-office/terrorism-risk-insurance-program. (Accessed 15 02 2023).
Willis Towers Watson. Terrorism Pool Index 2022. International Forum of Terrorism Risk (Re)Insurance Pools (IFTRIP), 2022.
Organization for Economic Co-operation and Development (OECD). Terrorism Risk Insurance Programmes, “Organisation for Economic Co-operation and Development (OECD)”. https://www.oecd.org/daf/fin/insurance/terrorism-risk-insurance-programmes.htm. (Accessed 04 05 2023).
Ministry of Road Transport and Highways, Government of India. The Motor Vehicles Act, 1988. Ministry of Road Transport and Highways, Government of India, 1988. https://morth.nic.in/motor-vehicles-act-1988. (Accessed 20 04 2023).
Tuli N and Jenkins C. The insurance and reinsurance law review: India. The Insurance and Reinsurance Law Review, 2022. https://thelawre-views.co.uk/title/the-insurance-and-reinsurance-law-review/india. (Accessed 20 04 2023).
Financial Conduct Authority (FCA). Buying professional indemnity insurance. Financial Conduct Authority (FCA); 2022.
National Conference of State Legislatures (NCSL). Security breach notification laws. National Conference of State Legislatures (NCSL), 2022. https://www.ncsl.org/technology-and-communication/security-breach-notification-laws. (Accessed 20 04 2023).
Ministry of Road Transport and Highways (MoRTH). National register e-services. Ministry of road transport and highways (MoRTH). https://vahan.parivahan.gov.in/nrservices/. (Accessed 10 05 2023).
Ministry of Road Transport and Highways (MoRTH). SARATHI home public. Ministry of Road Transport and Highways (MoRTH). https://sarathi.parivahan.gov.in/SarathiReport/sarathiHomePublic.do. (Accessed 03 04 2023).
Harris KD, General A. California data breach report 2016. California Department of Justice, 2016.
Department of Defense Chief Information Officer (DoD CIO). About CMMC. Department of Defense Chief Information Officer (DoD CIO). https://dodcio.defense.gov/CMMC/about/. (Accessed 20 04 2023).
PCI Security Standards Council (PCI SSC). PCI security standards. PCI Security Standards Council (PCI SSC). https://www.pcisecuritystandards.org/. (Accessed 20 04 2023).
US Department of Energy (DOE). Cybersecurity capability maturity model (C2M2). US Department of Energy (DOE). https://www.energy.gov/ceser/cybersecurity-capability-maturity-model-c2m2. (Accessed 18 09 2022).
Granato A, Polacek A. The growth and challenges of cyber insurance. Chicago Fed Lett. 2019. https://doi.org/10.21033/cfl-2019-426.
National Cyber Security Centre (NCSC). Cyber essentials: overview. National Cyber Security Centre (NCSC). https://www.ncsc.gov.uk/cyberessentials/overview. (Accessed 14 05 2023).
Innovation, Science and Economic Development Canada (ISED). CyberSecure Canada," Innovation, Science and Economic Development Canada (ISED). 2023. https://ised-isde.canada.ca/site/cybersecure-canada/en. (Accessed 20 04 2023).
Carter RA, Enoizi J. Cyber war and terrorism: a common language to promote insurability. The Geneva Association; 2020.
The White House. Statement from the press secretary. Trump White House website, 2018. https://trumpwhitehouse.archives.gov/briefings-statements/statement-press-secretary-25/ (Accessed 02 03 2023).
Martin A. Mondelez and Zurich reach settlement in NotPetya cyberattack insurance suit. The Record website, 2022. https://therecord.media/mondelez-and-zurich-reach-settlement-in-notpetya-cyberattack-insurance-suit. (Accessed 02 03 2023).
Davison P, Mather C. Cyber war & cyber operation clauses updated. Lloyd's Market Association (LMA) website, 2023. https://www.lmalloyds.com/LMA/News/LMA_bulletins/LMA_Bulletins/LMA23-002-PD.aspx. (Accessed 02 04 2023).
Brockett PL, Golden LL, Zaparolli S, Lum JM. Kidnap and ransom insurance: a strategically useful, often undiscussed, marketplace tool for international operations. Risk Manag Insur Rev. 2019;22:421–40. https://doi.org/10.1111/rmir.12134.
Soyer B. Warranties in marine insurance. Routledge; 2019.
International Maritime Organization (IMO). The International Safety Management (ISM) Code. IMO website. https://www.imo.org/en/ourwork/humanelement/pages/ISMCode.aspx/ (Accessed 14 02 2023).
Ernst & Young. Study on pools and on ad-hoc co(re)insurance agreements on the subscription market. Publications Office of the European Union, 2017.
Faure M, Nieuwesteeg BFH. The law and economics of cyber risk pooling. NYU J Law Bus. 2018;14(3):923–63.
Organization for Economic Co-operation and Development (OECD). Enhancing financial protection against catastrophe risks: the role of catastrophe risk insurance programmes. Organisation for Economic Co-operation and Development (OECD), 2017.
Joint Select Committee on Northern Australia. Inquiry into the cyclone reinsurance pool. Commonwealth of Australia, 2023.
World Bank Group. Sovereign catastrophe risk pools: world bank technical contribution to the G20. Washington: World Bank; 2017.
Haushofer M, Austen R, Subramaniam S. Speech by Mr Heng Swee Keat, Minister for Finance, and MAS' Board Member, at the 15th Singapore Interna- tional Reinsurance Conference on Oct 29 2018. Monetary Authority of Singapore, 2018. https://www.mas.gov.sg/news/speeches/2018/speech-at-the-15th-singapore-international-reinsurance-conference. (Accessed 18 09 2022).
Bengfort H. What are health insurance rewards programs, and how do they impact HRAs?. PeopleKeep, Inc. website, 2023. https://www.people-keep.com/blog/what-are-health-insurance-rewards-programs. (Accessed 25 06 2023).
Silvello A, Procaccini A. Connected insurance reshaping the health insurance industry. IntechOpen. 2020. https://doi.org/10.5772/intechopen.85123.
Cyber Security Agency of Singapore (CSA). Cybersecurity Labelling Scheme (CLS). Cyber Security Agency of Singapore (CSA). https://www.csa.gov.sg/our-programmes/certification-and-labelling-schemes/cybersecurity-labelling-scheme. (Accessed 02 06 2023).
ENISA (European Union Agency for Network and Information Security). EU Cybersecurity Certification FAQ. ENISA website. https://www.enisa.europa.eu/topics/certification/eu-cybersecurity-certification-faq/certification-schemes-and-cabs-faq?v2=1&tab=details. (Accessed 22 05 2023).
National Cyber Security Centre (NCSC). Commercial Product Assurance (CPA). NCSC website. https://www.ncsc.gov.uk/information/commercial-product-assurance-cpa. (Accessed 22 05 2023).
Chester A, Lorenz J-T, Straub M and Stüer C. The hidden benefits of value-added services in commercial lines insurance. McKinsey & Company website, 2019. https://www.mckinsey.com/industries/financial-services/our-insights/the-hidden-benefits-of-value-added-services-in-commercial-lines-insurance. (Accessed 22 05 2023).
Rush D, Montalbo J, Baumann N, Evans P. Insurance trends: new world, new customers, new solutions. Deloitte UK website; 2019.
von Watzdorf S, Skorna A. How value added services influence the purchasing decision of insurance products. Int Assoc Study Insur Econ. 2017.
OECD. The impact of big data and artificial intelligence (AI) in the insurance sector. OECD; 2020.
Romanosky S, Ablon L, Kuehn A, Jones T. Content analysis of cyber insurance policies: how do carriers price cyber risk?". J Cybersecur. 2019. https://doi.org/10.1093/cybsec/tyz002.
Conflict of Interest
The authors declare that they have no conflict of interest.
Research Involving Human Participants and/or Animals
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
This article is part of the topical collection “Advances in Internet Research and Engineering 2023” guest edited by Sudarsan S. D., Mohit Sethi, and Balaji Rajendran.
About this article
Cite this article
Ganapathi Subramaniam, B., Chithralekha, T. & Amudhambigai, B. What Ails Cyber Insurance? An Analysis of Barriers and Drivers Using Fuzzy TOPSIS Method. SN COMPUT. SCI. 5, 20 (2024). https://doi.org/10.1007/s42979-023-02266-2