1. Why are Insurance companies investing in cybersecurity?

Insurance companies are investing in cybersecurity to protect themselves and their customers from cyber threats. With more employees working remotely and various endpoints needing protection, insurers should prioritize network security, endpoint security, and cloud security. Awareness of developments in these areas can also inform cyber insurance policies. Insurers must also invest in threat detection and services to secure systems and applications.

2. How do cyberattacks impact the Insurance industry?

Cyberattacks on insurance companies can have profound implications on their reputations and trust. Insurers hold highly sensitive customer data, making them a prime target for cybercrime. Security breaches could lead to financial losses and legal liabilities. Cyber accumulation risks are also present, where a single event generates a widespread impact on thousands of businesses at once.

3. Which Insurance companies are leaders in cybersecurity adoption?

Leading adopters of cybersecurity in the insurance sector include AIG, Allianz, Aviva, Chubb, Hiscox, Marsh, Munich Re, Ping An, Swiss Re, Travelers, and Zurich Insurance.

4. Who are the leading vendors of cybersecurity to the Insurance industry?

Leading cybersecurity vendors in the insurance sector include Blackberry, Broadcom, CyberCube, FireEye, Portnox, and SecurityScorecard. Leading cybersecurity vendors include Accenture, Alphabet, Check Point, Cisco, CrowdStrike, Darktrace, Dell Technologies, Fortinet, IBM, Microsoft, Palantir, and Palo Alto.

5. How does increased investment in cybersecurity benefit Insurance companies?

Increased investment in cybersecurity can benefit insurance companies by protecting them and their customers from cyber threats, reducing the risk of financial losses and legal liabilities, and improving their reputation and trust. It can also inform cyber insurance policies and lead to improved penetration rates.

6. What are the challenges with adoption of cybersecurity in Insurance?

The challenges with adoption of cybersecurity in insurance include legacy systems employed by insurance firms that may prove ineffective at securing against breaches, as malicious actors evolve faster than legacy technology. Cyber accumulation risks are also present, where a single event generates a widespread impact on thousands of businesses at once. The COVID-19 pandemic instigated a digital shift that led more customers to access their insurance digitally, which is problematic for legacy insurers with limited digital and cybersecurity frameworks.

7. What is the projected market size of cybersecurity in Insurance?

GlobalData projects the market size of cybersecurity in insurance to grow at a CAGR of 10.7% between 2020 and 2025, driven by rapid digital transformation.

8. Which Insurance companies are laggards in cybersecurity adoption?

Insurers that have failed to update and maintain robust cybersecurity frameworks and strategies and have suffered recent serious data breaches include Arthur J. Gallagher, Humana, Metromile, Next Insurance, and Oscar Health.

9. What are the components of the cybersecurity value chain?

The components of the cybersecurity value chain include hardware, software, and services such as unified threat management, vulnerability management, application security, managed security services, risk and compliance services, post-breach response services, chip-based security, identity management, data security, email security, network security, threat detection and response, cloud security, and endpoint security.

Cybersecurity revenues in the insurance sector will grow at a compound annual growth rate (CAGR) of 11% between 2020 and 2025, according to GlobalData forecasts. The sector’s rapid digital transformation will drive this growth. The rise in complex ransomware attacks, the persistence of hybrid working models, ongoing supply chain threats, and the Russia-Ukraine war have all accelerated the need for robust cybersecurity defences across sectors, including insurance.

Covid-19 led to more customers accessing their accounts digitally and insurers selling through digital channels, increasing the sector’s cyber risk. In 2021, leading financial institutions AXA, Tokio Marine, CNA Financial, and Banco Pichincha were hit by cyberattacks. There are also fears that the Russia-Ukraine war may give rise to state-sponsored attacks that target critical infrastructure, military operations, and businesses. Such attacks could not only target insurers but could lead to expensive payouts and damage the reputations of those reluctant to pay.

The pandemic accelerated the need for cyber insurance, but insurers are yet to translate this into improved penetration rates. With the cost of cyber insurance rising to reflect increased cyber risk, policy uptake fell between 2019 and 2021 as many SMEs sought to cut costs. AXA’s decision to stop writing cyber policies that reimbursed ransom attacks may encourage other insurers to follow suit and rethink their risk exposure, forcing businesses to strengthen their cybersecurity frameworks in case of a ransom attack. Some insurers, such as Hiscox, are educating their clients on identifying and mitigating cyber risks to reduce the chance of a human error-induced breach.

However, not all companies are equal when it comes to their capabilities and investments in the key themes that matter most to their industry. Understanding how companies are positioned and ranked in the most important themes can be a key leading indicator of their future earnings potential and relative competitive position.

According to GlobalData’s thematic research report, Cybersecurity in Insurance, leading adopters of cybersecurity in the non-life insurance sector include: AIG, Allianz, Aon, Aviva, Chubb, Hiscox, Marsh, Munich Re, Ping An, Swiss Re, Travelers and Zurich Insurance.

Insights from top ranked companies

Aon

Aon offers a suite of cybersecurity and cyber insurance products for clients, so it has invested heavily in its cybersecurity strategy to protect its customers’ data. As well as a cybersecurity managing director, it has a cybersecurity testing team.

In June 2020, Aon expanded the scope of its cyber risk assessment methodology, CyQu, to better understand the cybersecurity impacts created by increased remote working due to Covid-19. It also rolled out a digital insurance solution for small and mid-market businesses through CoverWallet, a digital insurance platform for SMEs that Aon acquired at the beginning of 2020. The broker also rolled out a new product to protect re/insurers against systemic and catastrophic cyber events.

Munich Re

Munich Re has invested heavily in its own internal cyber risk expertise and is also one of the leading providers of cyber risk solutions globally. In 2019, it partnered with CyberCube to use its cyber insurance analytics platform to support underwriting and risk modelling teams in quantifying cyber risk. CyberCube has also helped Munich Re understand the potential implications of cyber accumulation situations – where a single event generates a widespread impact on thousands of businesses at once – for its portfolio of policies, which has been key to its understanding of cybersecurity risk exposure.

Zurich

Zurich continuously reviews its cybersecurity strategy to comply with regulatory requirements and the changing cyber threat landscape. It implements cyber awareness and education programmes among customers, employees, and business partners to mitigate the human element of information security risks. In 2018, Zurich sealed a partnership with the World Economic Forum (WEF) that aims to build the first global platform for governments, businesses, experts, and law enforcement agencies to collaborate on cybersecurity challenges. The WEF’s Global Risks Report was created in partnership with Zurich. In February 2020, Zurich partnered with CYE, a cybersecurity specialist that uses AI technology, to create a new offering, Zurich Cyber Security Services. This provides cyber risk management programmes for businesses. In September 2021, Zurich collaborated with BOXX Insurance, an insurtech that provides cybersecurity and insurance solutions for SMEs and individuals.

To further understand the key themes and technologies disrupting the insurance industry, access GlobalData’s latest thematic research report on Cybersecurity in Insurance.

Swiss Re
Ping An Insurance
Cuvva
Direct Line
Lemonade
Zego
Root Insurance
MetroMile
Tapoly
AXA
By Miles
Assicurazioni Generali
Marshmallow
RSA
Covea
Ageas
Policygenius
Aviva
AIG
Admiral
Insurance Australia Group
Next Insurance
Suncorp
Many Pets
AIA
PICC
Allstate
Progressive
PartnerRe
Prudential

Premium Insights

From

The gold standard of business intelligence.

Blending expert knowledge with cutting-edge technology, GlobalData’s unrivalled proprietary data will enable you to decode what’s happening in your market. You can make better informed decisions and gain a future-proof advantage over your competitors.

Frequently asked questions

1. Why are Insurance companies investing in cybersecurity?

Insurance companies are investing in cybersecurity to protect themselves and their customers from cyber threats. With more employees working remotely and various endpoints needing protection, insurers should prioritize network security, endpoint security, and cloud security. Awareness of developments in these areas can also inform cyber insurance policies. Insurers must also invest in threat detection and services to secure systems and applications.
2. How do cyberattacks impact the Insurance industry?

Cyberattacks on insurance companies can have profound implications on their reputations and trust. Insurers hold highly sensitive customer data, making them a prime target for cybercrime. Security breaches could lead to financial losses and legal liabilities. Cyber accumulation risks are also present, where a single event generates a widespread impact on thousands of businesses at once.
3. Which Insurance companies are leaders in cybersecurity adoption?

Leading adopters of cybersecurity in the insurance sector include AIG, Allianz, Aviva, Chubb, Hiscox, Marsh, Munich Re, Ping An, Swiss Re, Travelers, and Zurich Insurance.
4. Who are the leading vendors of cybersecurity to the Insurance industry?

Leading cybersecurity vendors in the insurance sector include Blackberry, Broadcom, CyberCube, FireEye, Portnox, and SecurityScorecard. Leading cybersecurity vendors include Accenture, Alphabet, Check Point, Cisco, CrowdStrike, Darktrace, Dell Technologies, Fortinet, IBM, Microsoft, Palantir, and Palo Alto.
5. How does increased investment in cybersecurity benefit Insurance companies?

Increased investment in cybersecurity can benefit insurance companies by protecting them and their customers from cyber threats, reducing the risk of financial losses and legal liabilities, and improving their reputation and trust. It can also inform cyber insurance policies and lead to improved penetration rates.
6. What are the challenges with adoption of cybersecurity in Insurance?

The challenges with adoption of cybersecurity in insurance include legacy systems employed by insurance firms that may prove ineffective at securing against breaches, as malicious actors evolve faster than legacy technology. Cyber accumulation risks are also present, where a single event generates a widespread impact on thousands of businesses at once. The COVID-19 pandemic instigated a digital shift that led more customers to access their insurance digitally, which is problematic for legacy insurers with limited digital and cybersecurity frameworks.
7. What is the projected market size of cybersecurity in Insurance?

GlobalData projects the market size of cybersecurity in insurance to grow at a CAGR of 10.7% between 2020 and 2025, driven by rapid digital transformation.
8. Which Insurance companies are laggards in cybersecurity adoption?

Insurers that have failed to update and maintain robust cybersecurity frameworks and strategies and have suffered recent serious data breaches include Arthur J. Gallagher, Humana, Metromile, Next Insurance, and Oscar Health.
9. What are the components of the cybersecurity value chain?

The components of the cybersecurity value chain include hardware, software, and services such as unified threat management, vulnerability management, application security, managed security services, risk and compliance services, post-breach response services, chip-based security, identity management, data security, email security, network security, threat detection and response, cloud security, and endpoint security.

GlobalData, the leading provider of industry intelligence, provided the underlying data, research, and analysis used to produce this article.

GlobalData’s Thematic Scorecard ranks companies within a sector based on their overall leadership in the 10 themes that matter most to their industry, generating a leading indicator of their future earnings and relative position within key strategic areas.