The cyber-risk insurance market is experiencing rapid development, with the rise of global gross written premiums from US$850 million in 2012 to an estimated $2.5 billion in 2014, revealed a new report from Timetric. A growing number of cyber attacks, and the increasing reliance of businesses on technology for operational capabilities and storing data, are responsible for the traction the cyber-risk insurance market is gaining. But insurance firms are responding slowly to this rising demand, and a number of imperfections in the market are leading to a suboptimal outcome.

“Total global losses from cyber crime stood at $445 billion as of June 2014. With governments becoming increasingly involved in cyber threats, the prospect of compulsory cyber-risk insurance could become a reality. It would have a transformative impact upon the market and could create a strong source of future revenues for non-life insurers,” comments Jay Patel, insurance analyst at Timetric.

Over the last few years, insurers have experienced rapid growth in the demand for cyber-risk insurance. Interest in cyber insurance has grown primarily among businesses that hold sensitive consumer information such as telecommunications companies, financial services organizations, and retailers.

A substantial growth in the demand for cyber insurance in Europe is expected, subsequent to the new General Data Protection (GDPR) law, which is to be finalized by year-end. The GDPR is expected to come into force by 2017 in all the EU member states, making data breach notification compulsory. It is likely that this will give more power to the regulators, along with an increase in penalties—up to $1.3 million or 2 percent of a company’s global annual turnover.

In 2014, Europe’s cyber insurance market’s was estimated to be worth US$150 million in gross written premiums, while the U.S. had $2 billion in gross written premiums, approximately 90 percent of the global premiums in the cyber insurance market.

“The reason why the European market is less developed than the U.S. is because of a small number cyber insurance products that are offered by insurers and less business awareness of the cyber risk problem. However, insurers are making forays to serve the European markets,” says Patel.