Fitch: Cybersecurity insurance market crossed billion-dollar earnings mark in 2016

Insurers earned $1.35 billion from cyber insurance premiums last year, a 35 percent increase over the year before, according to new figures from the ratings agency Fitch.
Photo by Paul Falardeau/Flickr (CC BY ND 2.0)

Insurers earned $1.35 billion from cyber insurance premiums last year, a 35 percent increase over the year before, according to new figures from the ratings agency Fitch.

More than two-thirds of that total, about $921 million, was stand-alone cyber insurance; with $429 million being the estimated total premium value of package components or multi-risk insurance policies, which cover a variety of hazards.

The total figure for last year “likely underestimates the industry’s cyber premium exposure due to the challenges inherent in breaking out cyber-related premium from other coverages in multi-line products,” states the Fitch report.

The breakdown between stand-alone and packaged policies is very different than 2015, when the $998 million total coverage figure was almost equally divided between stand-alone and package premiums. The difference is accounted for by one insurer, AIG, changing the way it reports its business. In 2016, the company began classifying all of its cyber premiums as stand-alone business, as opposed to 2015, when it counted “a substantial portion” of premiums as package business — and was the number one insurer by volume writing package policies with cyber coverage.


AIG continued to be one of the top three insurers writing cyber policies this year as well, along with XL Group Ltd, and Chubb. Between them, these three companies had a combined market share of about 40 percent last year. The top 15 writers of cyber policies held approximately 83 percent of the market, but more than 130 insurance organizations reported writing cyber policies of one kind or another last year.

The numbers come from an analysis of supplemental filings required of insurers — for the second year running — by the National Association of Insurance Commissioners. But Fitch’s analysis cautions that there are some limitations to the new figures, especially where cyber coverage is bundled into a broader insurance package.

“Insurers may have difficulty fully measuring and knowing the entirety of cyber risk exposure that may lie within their underwriting portfolio, particularly in commercial package policies or various liability policies, including professional liability. As such, measuring premiums that are associated with the various subcomponents of package policies can be difficult,” write the report’s authors.

As a result, they conclude, the “total cyber exposures and premiums will likely continue to be greater than the amount disclosed in statutory data due to this difficulty in breaking out cyber risk and premiums in package coverage.” While the 2016 figures seem to show premiums from stand-alone cyber policies were more than double package premiums, “this difference in actuality is likely much narrower due to the challenges in estimating package cyber risks and premiums.”

The direct loss ratio — i.e. the proportion of premiums paid out in claims — for standalone cyber insurance fell in 2016 to 45 percent, but the report cautions that “the ultimate profitability of the … industry’s cyber insurance efforts will take some time to assess as the market matures and future cyber-related loss events emerge.”


“Future growth in cyber premiums will likely come from more consistent policy terms and conditions as insurers gain better understanding of loss potential and coverage, better cyber underwriting models, as well as efforts to comply with increased cyber regulatory standards across numerous industries, particularly financial institutions,” added Auden in a statement.

Shaun Waterman

Written by Shaun Waterman

Contact the reporter on this story via email, or follow him on Twitter @WatermanReports. Subscribe to CyberScoop to get all the cybersecurity news you need in your inbox every day at

Latest Podcasts