Guide February 6, 2023

A guide to cyber insurance

An explanatory guide to what cyber insurance covers, why it matters and how to get the correct coverage.

Download the cyber guide

Cyber is often cited as the number one risk modern businesses face today. But many US businesses have yet to come to terms with transferring their biggest risk to insurance – their intangible assets. Perhaps there is the belief that a cyber attack won’t happen to them. Many say they’re too small to be a target. Or, in more recent times, it’s not worth investing in a policy that potentially won’t respond – the cost-of-living crisis deterring an additional insurance spend.

Subsequently, we estimate that less than 30% of US businesses purchase a dedicated cyber insurance product to cover what is now their largest exposure, but with the exception of large, risk-managed corporations, that figure drops significantly. An alarmingly low figure despite the major headlines, validated by financial reports and broker penetration rates across their portfolios.

And yet, in the last few years the US cyber landscape has gone through an unprecedented amount of change. Gone are the days where cyber exposure was understood to only be a privacy risk or a ‘big company’ issue only affecting the retail and healthcare industries.

Cyber threat actors have shifted from small scale social engineering scams to large scale extortion, targeting any business that is potentially vulnerable.These attacks can be costly, resulting in extraordinary amounts spent on everything from forensic analysis to data restoration, and in some cases the extortion demands themselves.

The product has evolved from a reactive to a proactive solution that works to prevent attacks, rather than just respond to them.

But with change, comes innovation. And never in the history of the market has an insurance product evolved so quickly to meet the needs of its customers. The product has evolved from a reactive to a proactive solution that works to prevent attacks, rather than just respond to them.

The 2023 year brings much more stability for insurance products, and capacity once again grows through both new entrants and traditional insurers expanding their appetite for business. Insurers are collaborating with government, the private sector – and even with each other – to combat cyber crime. As a market we must acknowledge that cyber crime isn’t going away, but collectively we can equip businesses to manage and mitigate it.

At CFC, we’re proud to say that our team has grown to more than 100 cyber underwriters around the world. Our cyber security and response division now includes almost 150 threat analysts, forensic specialists and security engineers spanning three continents, available around the clock to detect, prevent and respond to cyber security incidents for our customers. Both with a 'boots on the ground' presence in the US to be on hand for our American customers.

We hope this guide serves to take your understanding of cyber to the next level. Throughout this guide you’ll find everything from how to articulate how cyber products work, case studies of real-life cyber attack in action, and how to have more informed discussions about why cyber insurance is the most important coverage businesses will invest in today.

Our unwavering commitment to the US cyber market remains stronger than ever. We look forward to the years ahead as we continue to support and protect American businesses.