I wasn't too shocked to read that it has been estimated that an extreme cyber attack could cause more than $120bn of economic damage.  The ripple effect of an attach is huge and wide-reaching. 

As we have been saying for some time now, corporates have a clear need for more protection against cyber-attacks. Organizations continue to invest heavily in cyber security efforts to safeguard themselves against threats, but far fewer have signed on for cyber insurance to protect their firms after an attack. And it is widely believed that the small number who do have cover, are more than likely under-insured. 

A number of industry leaders are bullish about the cyber market’s future, but this hasn't yet materialised. How come? I am of the belief that corporates recognise they require cyber insurance, and that the low uptake is down to a product-gap. 

There are a number of major roadblocks which hinder insurers’ efforts to expand coverage. 

One of the most important, as Inga Beale points out in this article, is uncertainty around large losses. Think about an attack on a website host - they’d be unable to facilitate the online business of their clients and that could lead to a real aggregation risk. 

In the short term, one solution could be to spread risk through multi-insurer programmes. Similarly, reinsurers could play a bigger role. That wouldn’t deal with the root of the problem though. Over the longer-term, we believe insurers will want to examine ways to help corporates avoid losses. 

As you might imagine, we've thought long and hard about cyber. Our report, Demystifying Cyber Insurance Coverage, delves into how to clearing the obstacles in this problematic but promising growth market.