Cyber insurance is a fast-growing market, and rightly so, given how cybercrime rages on. For this article, we gathered key statistics about cyber insurance to help you understand just how big of a market it is and what drives companies and individuals to get this type of insurance.
Cyber Insurance Statistics
Cyber insurance statistics cover a wide set of data about market size, claims, cybercrimes, and more, but let’s start with a general overview of the cyber insurance market.
Market Size and Predictions
Cyber insurance is already a big market, but it might grow even bigger in the future. Here’s what we know about the size of the cyber insurance industry so far:
- Market size: According to the latest available data, the global cyber insurance market was worth $7.8 billion in 2020.
- Future growth: Forecasts suggest that cyber insurance will grow into a $20 billion industry by 2025.
- Distribution: Business cyber insurance dominates the market. In 2018, 75 percent of cyber insurance premiums in the United States were for businesses. Only the remaining 25 percent, worth $500 million, were for individuals.1
Cybercrime by the Numbers
One of the main drivers of the cyber insurance market growth is the rise in the number and severity of cybercrimes. Here are some of the most noteworthy statistics we’ve gathered about cybercrime:
- Ransomware is common (and often lucrative). In 2020, 1 in 6 businesses that fell victim to cyberattacks faced ransomware, and about half of them paid up the ransom.2
- Cybercrime reports nearly doubled. The FBI’s Internet Crime Complaint Center (IC3) saw a 69 percent increase in the number of cybercrime reports it received in 2020 compared to 2019. On average, the FBI received 2,000 cybercrime reports per day in 2020.3
- Data breaches affect personal data. In 2020 alone, data breaches exposed over 37 billion personal records, 82 percent of which came from only five breaches.4 Data breaches affect not only companies and organizations, but also the people whose information is in the exposed records.
- Identity fraud causes serious losses. Identity fraud losses in 2020 cost its 49 million victims $56 billion in total. That breaks down to $1,100 per victim.5
- Cyber attacks are the most common: For those that are slightly to somewhat familiar with cyber insurance, 70 percent have experienced a cyber attack, followed by identity theft at 69 percent, cyberbullying at 64 percent, and cyber extortion at 69 percent.
Did You Know: Personal cyber insurance doesn’t only cover fraud, malware, and cyberscams, but also cyberbullying. Some cyber insurance companies reimburse policyholders for income loss or private tutoring costs resulting from cyberbullying.
Cyber Insurance and the COVID-19 Pandemic
The COVID-19 pandemic also contributed to the fast growth of the cyber insurance market. The pandemic accelerated the digitalization of business operations, as it forced businesses to adopt work-from-home setups. Unfortunately, the abrupt implementation of these setups created a larger surface area for cyberattackers to exploit. These numbers from the FBI IC3 show the difference between the number of cybercrime reports it received pre-pandemic in 2019 and during the pandemic in 2020.
|Type of cyberattack||2019||2020||Percentage of increase/decrease|
|Social attacks (phishing, vishing, pharming, etc.)||114,702||341,342||197.60%|
|Credit card fraud||14,378||17,614||22.50%|
|Denial of service (including TDoS)||1,353||2,018||49.20%|
Additionally, Interpol reported that these types of cyberattacks have flourished amidst the pandemic:
- Disruptive malware such as ransomware and distributed denial-of-service (DDoS) attacks
- Data-harvesting malware like spyware
- Malicious domains containing keywords like “coronavirus” and “COVID”6
Cyber Insurance Claims Statistics
Cyber insurance covers a wide variety of cyberattacks, but statistics show that most cyber insurance claims from businesses relate to breaches. A 2020 study showed that 73 percent of insurance claims between 2013 and 2019 fell under the insuring clause of incident response and crisis management of breaches. Data privacy liability, cyber extortion, network business interruptions, and recovery and restoration of data assets were the five most common cyber insurance claims.7
|Insuring clauses||Average percentage of claims between 2013 and 2019|
|Data breach or incident response and crisis management||73%|
|Data privacy liability / privacy breach||9%|
|Network business interruptions||4%|
|Data asset protection||2%|
|Network security liability / security breach||1%|
|Social engineering attack||1%|
|Dependent network interruption||1%|
The same study found that data breaches were also the most frequently reported loss events — that is, cyber incidents that caused companies to lose money. Breaches also caused the largest amount of losses, followed by business interruptions, ransomware, DDoS attacks, and social engineering fraud.
Familiarity and Experience with Cyber Insurance
We asked U.S. adults about their familiarity with cyber insurance, whether they have used it, and if not, why.
- 66 percent of U.S. adults are familiar with cyber insurance in general. Of those who have experienced cyber crime, 59 percent are somewhat to very familiar with cyber crime, compared to 35 percent of those who haven’t experienced cyber crime.
- For those who have not bought cyber insurance, the main reason they don’t have policies currently is needing to do more research at 40 percent. The second most common reason is thinking that it costs too much at 34 percent.
- 43 percent of U.S. adults think that annual premiums for personal cyber insurance policies of up to $25,000 of coverage cost under $100. Only seven percent believed that number to be above $200.
Data Breach Insights
Seeing that data breaches are the most common cyber-related problems of businesses today, we think it’s only appropriate to look deeper into the issue.
What Is a Cybersecurity Breach?
A cybersecurity breach is any incident in which an unauthorized third party gains access to computer data, networks, devices, or applications. For businesses, cybersecurity breaches can have these serious consequences, to name a few:
- Leaks of customers’ personally identifiable information (PII) that can lead to identity theft
- Financial losses due to legal actions, liabilities, incident response, etc.
- Business interruption
- Damage to reputation and loss of customers
- Loss of intellectual property
- Vandalism of websites
- Ransoms (e.g., when the attacker threatens to leak or destroy company data unless the business pays a ransom)
Did You Know: If a company you do business with experiences a breach, see if the breach leaked or affected your personal data in any way. Change your passwords and update your email security features right away.
Causes of Data Breaches
Cybersecurity breaches are often a result of cyberattacks, but Verizon’s 2020 Data Breach Investigations Report shows that’s not always the case. The report found that these were the top causes of data breaches in 2020:
- Hacking: Hackings allowed unauthorized entities to access and steal data by defeating businesses’ cybersecurity measures.
- Errors: The specific nature of the errors varied, including weak employee passwords and system failures that allowed access to unauthorized third parties.
- Social attacks: Social attacks included phishing scams as well as the more advanced spear-phishing scams that target one individual, business, or organization in particular.
- Malware: Actors of breaches used malware to install backdoor access to company data.
- Misuse by authorized users: Some breaches resulted from insiders with authorized access deliberately abusing their companies’ systems for financial or personal gain.
- Physical actors: Physical actors who stole devices that held sensitive data also caused a significant number of breaches.8
|Top causes of breaches||Percentage of breaches it caused|
|Errors (human, technical, system)||22%|
|Misuse by authorized users||8%|
Note from our Experts: Business cyber insurance doesn’t always cover social engineering attacks, such as phishing and spear-phishing, even though these are the third most common cause of breaches. Sometimes, this protection is available as an add-on.
Data Breaches and Small Businesses
Data breaches mostly target large enterprises, because cybercriminals stand to gain more from companies that have more data assets than smaller businesses. However, that doesn’t mean small businesses are safe from data breaches.
- Data breaches in large companies: 72 percent of data breaches affected large companies in 2020, according to Verizon’s report.
- Data breaches in small businesses: The remaining 28 percent of breaches targeted small businesses.
Data Breach Statistics: Cost, Frequency, Severity
Data breaches are undoubtedly a huge problem for large enterprises and small businesses alike, but how huge, exactly?
- Cost of breaches globally: On average, data breaches cost companies $3.86 million.
- Cost of breaches in the U.S.: The U.S. is the most expensive country for data breaches. The average cost of a data breach in the U.S. was $8.64 million in 2020.
- Other consequences of breaches: Breaches also decrease productivity and disrupt workflows. It took companies 280 days on average to identify and resolve data breaches.9
As for the frequency and severity of data breaches, here’s what we found out:
- Fewer publicly reported breaches: There were 3,932 publicly reported breach incidents in 2020, which is 48 percent lower than in 2019. However, that doesn’t mean the number of breaches actually declined. According to our source, disruptions at certain governmental sources, delays in reporting, and declining media coverage all contributed to the decrease in publicly reported breaches in 2020.
- More exposed records: While 1,932 (49 percent) of the publicly reported breaches didn’t expose any records, breaches in 2020 still reached a record-breaking number of exposed records — over 37 billion.
In sum, while there were fewer publicly reported breach incidents in 2020 than in the previous year, the severity of those breaches increased.10
Benefits of Cyber Insurance
It’s clear that cyberthreats like data breaches are here to stay, and so is cyber insurance. Here are some of its top benefits.
- Financial loss reimbursement: Cyber insurance will reimburse your losses that are direct results of cyberattacks like ransomware, identity theft, and fraud.
- Identity theft protection: Criminals can use information from breaches to commit identity theft and fraud. While cyber insurance can’t stop breaches from happening, it can help you retrieve stolen data and prevent its use in future identity theft.
- Recovery from cyberattacks: Unlike identity theft insurance, which only helps you recover from identity theft, cyber insurance helps individuals recover from a wide variety of cyberattacks, including cyberbullying. Some cyber insurance policies cover reimbursements for lost wages, legal fees, or private tutoring fees that are results of cyberbullying.
- Legal fees coverage: Legal fees resulting from cyberattacks such as data breaches can pile up quickly. If your business has cyber insurance coverage, you will receive some help covering those fees. The maximum coverage amounts of cyber insurance providers range far and wide, from $1 million to $100 million per claim.
- Recovery from a breach: Cyber insurance can help you deal with breaches, from helping you issue state-mandated customer notifications to recovering compromised data.
- Online vandalism recovery: Cyber insurance can assist in your business’s recovery if you experience cyber vandalism. Insurance providers can reimburse you for lost funds, such as a loss of productivity and customers.
Protecting Businesses From Cyberattacks
While cyber insurance will cover your losses from cyberattacks, wouldn’t it be better if you weren’t attacked at all? Here are a few digital security tips to protect yourself and your business from cyber risks like data security breaches:
- Invest in good antivirus software. Antivirus software can prevent cyberattacks that involve malware, so it’s important to invest in the best business antivirus solutions.
- Invest in a good VPN. Similarly, VPNs can protect you from hackers and DDoS attacks, so investing in one of the best VPNs for businesses is also crucial.
- Build a firewall. Firewalls can prevent and detect cyberattacks coming from outside of or within your company. Activating your company emails’ spam filters can also prevent phishing scams.
- Encrypt your data. Encrypting your data is another effective way to protect your business from cyberattacks, especially if you have remote workers. Encryption prevents anyone besides authorized individuals from accessing company files.
- Encourage good password hygiene among employees. While you can’t control how every employee handles their digital security, you can encourage them to practice good password hygiene, especially on their workplace accounts.
- Use two-factor authentication on company computers. Multifactor authentication uses biometrics to verify the identities of employees logging on to their computers, ensuring no one besides authorized users can access your system.
Numbers don’t lie, and the numbers we just discussed taught us a few things about cyber insurance. One, cyber insurance is a fast-growing market. Two, the rise in cybercrime, particularly due to the COVID-19 pandemic, drives companies and individuals to get cyber insurance. Three, breaches cause the biggest problems for businesses, both large and small. Lastly, cyber insurance is beneficial in recovery from cyberattacks.
Frequently Asked Questions
To end this report, let’s answer some of the most frequently asked questions about cyber insurance.
How much is the cyber insurance market worth?
In 2020, the cyber insurance market was worth $7.8 billion, according to Statista. However, market experts predict that it will grow into a $20 billion market by 2025. Corporate cyber insurance dominates the market currently, with around 75 percent of the market share. The remaining 25 percent falls under personal cyber insurance.
Do individuals need cyber insurance?
Yes, individuals need cyber insurance. Personal cyber insurance reimburses financial loss due to cyberattacks such as identity fraud. Considering that identity fraud alone costs its victims $1,100 on average, according to a study by Javelin Strategy & Research, it’s prudent to get cyber insurance for yourself to cover such losses.
Do small businesses need cyber insurance?
Yes, small businesses need cyber insurance just as much as large corporations do. According to a report from Verizon, 28 percent of breaches target small businesses. While that’s a small percentage compared to the 72 percent of breaches that target large businesses, the financial aftermath of cyberattacks tends to hurt small businesses more. A study from Experian showed that 60 percent of small businesses that experienced breaches went out of business in just six months because of direct financial losses.
Does cyber insurance help in restoration?
Yes, cyber insurance helps in the restoration of personal and company data in the case of breaches. Personal cyber insurance works like identity theft protection services in that it helps policyholders recover their lost identities to prevent future fraud. Business cyber insurance is much more comprehensive in that it also covers legal fees and assists in processes such as notifying customers of breaches.
Statista. (2021). Cyber insurance – Statistics & Facts.
Hiscox. (2021). The Hiscox Cyber Readiness Report 2021.
FBI. (2020). Internet Crime Report.
RiskBased Security. (2020). 2020 Year End Report.
Javelin. (2021). 2021 Identity Fraud Study: Shifting Angles.
Interpol. (2021). Homepage.
Willis Towers Watson. (2020). Cyber claims analysis report.
Verizon. (2020). 2020 Data Breach Investigations Report – Executive Summary.
IBM. (2021). Cost of a Data Breach Report 2020.
RiskBased Security. (2020). 2020 Year End Report.