Illustration: Sarah Grillo/Axios

Cybersecurity insurance is getting a lot of attention from investors right now as more and more companies try to manage their increasing risks.

The trend: There will “absolutely” be consolidation in the cybersecurity insurance market, in particular for firms that assess the risk of companies seeking insurance, Ken Gonzalez, a managing director at investment firm NightDragon Security, tells Axios. And mergers and acquisitions could mean big pay-days for investors.

The likely acquirers will include traditional vulnerability management vendors, security services vendors, fintech companies, and insurance companies, Gonzalez, a partner at Momentum Cyber, a cybersecurity advisory firm, said.

By the numbers: Global premiums are expected to surpass $20 billion by 2025, according to Allianz. In the second quarter of 2018, U.S. cyber-insurance prices jumped by 2.1%, in part due to an increase in claims and coverage, per Marsh’s quarterly Global Insurance Market Index. But pricing was tempered last quarter due to competition among insurers.

  • 76% of U.S. executives today have some form of cybersecurity insurance, per Ovum and FICO. A year ago, 50% had none.
  • Five years ago, cybersecurity risk was ranked the 15th most important business risk, according to the Allianz Risk Barometer, based on a survey of global insurers and brokers. Now it is seen as the second most important.

Driving the market: “There have been very few major payouts against cyber-insurance policies, so for now, the cyber-insurance business looks pretty profitable relative to other areas of insurance," per Gonzalez.

  • For example, just this summer a bank in Virginia sued its insurance provider for not fully covering two cyber intrusions, per KrebsOnSecurity.
  • Yes, but: Gonzalez points out that a systemic cyberattack could instantly change how lucrative the market is.

The context: Cyber coverage has been around since the late 1990s and used to be bundled in some traditional insurance offerings, like liability, property, and crime insurance. But because cyberthreats are so complex, it became necessary to pull it out as standalone coverage.

What to watch: Cyber-insurance purchases spike in the aftermath of a prominent and expensive incident, per Marsh's index. The growth of cyber-insurance purchases is fastest for small-to-medium enterprises, per Trend Micro, a cybersecurity company.

  • A more structured regulatory environment could boost companies’ interest in obtaining cybersecurity insurance. All 50 states now have data breach notification laws. Europe’s new General Data Protection Regulation threatens massive fines for failure to keep data safe.

The other side: Skeptics say cybersecurity insurance might not go very far because almost no insurance policy is able to remedy the long term business consequences of reputation damage — which accounted for almost 89% of losses in one cyber incident in a Deloitte modeling.

The big picture: "There’s always going to be some tail of risk that a company will want to insure against.  You can’t buy enough security technology and services to prevent every attack. There’s unknown risk that you can’t even qualify," Gonzalez says.

Go deeper: The rise of cybersecurity insurance

Editor's note: This story has been updated to clarify the spike in purchase prices.

Go deeper

Robert Mueller speaks out on Roger Stone commutation

Former Special Counsel Robert Mueller testifies before the House Permanent Select Committee on Intelligence on Capitol Hill on Wednesday July 24, 2019. Photo: The Washington Post / Contributor

Former special counsel Robert Mueller responded to claims from President Trump and his allies that Roger Stone was a "victim" in the Justice Department's investigation into Russian interference in the 2016 election, writing in a Washington Post op-ed published Saturday: "He remains a convicted felon, and rightly so."

Why it matters: The rare public comments by Mueller come on the heels of President Trump's move to commute the sentence of his longtime associate, who was sentenced in February to 40 months in prison for crimes stemming from the Russia investigation. The controversial decision brought an abrupt end to the possibility of Stone spending time behind bars.

Trump dons face mask during Walter Reed visit

Trump wearing a face mask in Walter Reed National Military Medical Center on July 11. Photo: Alex Edelman/AFP via Getty Images

President Trump wore a face mask during his Saturday visit to Walter Reed National Military Medical Center, according to AP.

Why it matters: This is the first known occasion the president has appeared publicly with a facial covering as recommended by health officials since the coronavirus pandemic began, AP writes.

Updated 10 hours ago - Politics & Policy

Coronavirus dashboard

Illustration: Sarah Grillo/Axios

  1. Global: Total confirmed cases as of 5:30 p.m. ET: 12,607,510 — Total deaths: 562,338 — Total recoveries — 6,948,863Map.
  2. U.S.: Total confirmed cases as of 5:30 p.m. ET: 3,228,884 — Total deaths: 134,600 — Total recoveries: 983,185 — Total tested: 38,919,421Map.
  3. Public health: Jimmy and Rosalynn Carter: "Please wear a mask to save lives" Fauci hasn't briefed Trump on the coronavirus pandemic in at least two months — We're losing the war on the coronavirus.
  4. Food: How the coronavirus pandemic boosted alternative meat.
  5. Sports: Charge of "money grab" by college football.
  6. World: India reimposes lockdowns as coronavirus cases soar.