Recently, the Ministry of Industry and Information Technology (MIIT) released data showing that the first batch of pilot projects for cybersecurity insurance services in China has been successfully completed. During the pilot period, over 1,500 policies were implemented for enterprises, with a total premium scale exceeding 150 million yuan and a total coverage amount of nearly 11.5 billion yuan. Additionally, more than 2 million anti-fraud insurance policies were implemented for residents, with total premiums exceeding 24 million yuan and coverage exceeding 100 billion yuan.
According to estimates by Munich Re Group, the global online insurance market size is projected to reach 15.3 billion US dollars in 2024. Although this represents less than 1% of the total global property and casualty insurance premiums in 2024, it is expected that by 2030, the global online insurance premium scale will more than double, with an average annual growth rate exceeding 10%. Thomas Brück, CEO of Munich Re, emphasized that protection against cybersecurity risks is becoming increasingly important, but many enterprises still lack sufficient security measures and insurance coverage. Munich Re is committed to assisting clients in enhancing their network resilience and gradually filling the insurance coverage gap.
Cybersecurity Insurance in a Complex Global Landscape
In the context of the deep interconnection of global supply chains, escalating geopolitical conflicts, and increasingly complex cyber attack methods, cybersecurity incidents are occurring frequently across multiple fields, including high-end manufacturing, information technology, and finance. This has driven the evolution of cybersecurity insurance from a traditional risk transfer tool to a comprehensive risk management solution.
Analyses by the cybersecurity data team of Muzai Group indicate that losses from cybersecurity incidents primarily stem from attacks such as ransomware, online fraud, supply chain attacks, and data breaches. Among these, ransomware attacks have a significant impact and involve high financial losses, making them the primary cause of claims in cybersecurity insurance. Specifically, business interruption losses account for 51% of claims related to ransomware attacks.
Challenges in Claims Settlement
Claims settlement for cybersecurity insurance is more complex compared to traditional property and liability insurance. Cyber attacks often trigger a chain reaction, including business interruption losses, derivative legal proceedings, data recovery, and compensation for privacy infringement liability. These multi-dimensional and cross-domain loss characteristics can lead to a significant increase in compensation amounts. Additionally, defining the scope of insurance policy liability remains challenging due to the lack of physical evidence in cyber attacks. Insurance companies often face difficulties in conducting intuitive damage assessments and calculations. They must also determine third-party liabilities to customers and partners, making the investigation and loss assessment process highly complicated. Coordination with different service providers is also necessary.
Impact of AI on Cybersecurity
The rapid development of generative artificial intelligence (AI) has intensified the threat of cyber attacks. Ransomware attacks have formed a complete black industry chain, covering a wide range of “products” such as malware subscriptions and AI-driven automated attack packages. This specialized and modular criminal model has lowered the technical threshold and cost of cyber ransomware. AI technology is also reshaping the landscape of ransomware attacks by promoting the automation and complex evolution of attack methods, as well as enhancing the scale, speed, and accuracy of attacks.
Policy Support and Industry Development
In the past two years, China has increased its support for cybersecurity insurance. In July 2023, the MIIT and the National Financial Supervision and Administration Commission jointly issued the “Opinions on Promoting the Standardized and Healthy Development of Cybersecurity Insurance,” providing clear guidance for the market’s development. In December 2023, the MIIT launched a pilot program for cybersecurity insurance, encouraging regions to accelerate the application and practice of this new insurance model.
With policy support, the insurance industry has been exploring the insurable boundaries of cyber risks, leading to an increasing diversity of products. By the end of 2024, 53 insurance companies had filed 341 cybersecurity insurance products, including 56 new products in 2024. These cover innovative areas such as software supply chain liability and system defects. Examples include the “Cyber Security Liability Insurance with Cyber Fraud Loss or Social Engineering Crime Loss Insurance” from People’s Insurance Company (Property) of China, Ltd., and the “Enterprise Cyber Insurance with Exclusion of Directors’ and Executives’ Liability Insurance” from China Pacific Property Insurance Co., Ltd.
Challenges and Future Development
Many industry insiders note that China’s cybersecurity insurance market is still in its early stages of development and faces numerous challenges. On the demand side, some enterprises have insufficient understanding of the role of cybersecurity insurance, such as loss compensation, risk management services, and compliance support, which affects their willingness to purchase and renew policies. On the supply side, the industry faces issues such as a lack of data, difficulties in quantifying risks, a limited product range, unclear expression of certain terms, and unclear standards for determining responsibilities and losses. These problems require joint exploration and solutions from all stakeholders.
Related Topics:
