3. Investors eyeing cybersecurity insurance
Cybersecurity insurance is getting a lot of attention from investors right now as more companies try to manage their increasing risks, Axios' Shannon Vavra writes.
The trend: There will “absolutely” be consolidation in the cybersecurity insurance market, in particular for firms that assess the risk of companies seeking insurance, Ken Gonzalez, a managing director at investment firm NightDragon Security, tells Axios. And M&As could mean big money for investors.
Likely acquirers will include traditional vulnerability management vendors, security services vendors, fintech companies and insurance companies, Gonzalez says.
By the numbers: Global premiums for cybersecurity insurance are expected to surpass $20 billion by 2025, according to Allianz.
- 76% of U.S. executives today have some form of cybersecurity insurance, per Ovum and FICO. A year ago, 50% had none.
- 5 years ago, cybersecurity risk was ranked the 15th most important business risk, according to the Allianz Risk Barometer, based on a survey of global insurers and brokers. Now it's seen as the second most important.
The context: Cyber coverage has been around since the late 1990s and used to be bundled in some traditional insurance offerings, like liability, property and crime insurance. But because cyber threats are so complex, the industry found it needed to pull it out as standalone coverage.
What to watch: Cyber insurance purchases spike in the aftermath of a prominent and expensive incident, according to Marsh's index. The growth of cyber insurance purchases is fastest for small-to-medium enterprises, per Trend Micro, a cybersecurity company.
- A more structured regulatory environment could boost companies’ interest in obtaining cybersecurity insurance. All 50 states now have data breach notification laws. Europe’s new General Data Protection Regulation threatens massive fines for failure to keep data safe.
The other side: Skeptics say cybersecurity insurance might not go very far because almost no insurance policy is able to remedy the long-term business consequences of reputation damage — which accounted for almost 89% of losses in one cyber incident in a Deloitte modeling.
Go deeper: Read Shannon's full story.