Asia Pacific’s Cyber Insurance Growth Project to Triple Next Year

Asia Pacific’s Cyber Insurance Growth Project to Triple Next Year

by June 3, 2024

Asia-Pacific (APAC) is one of the fastest-growing regions for cyber insurance, according to a S&P Global survey. Over the past five years, the region’s cyber insurance market has grown 51.2% annually, making APAC one of the most dynamic market in the world for the coverage type. German insurance group Munich Re expects the market to continue its growth momentum, projected to triple in size by 2025.

Despite its rapid growth, the APAC region remains the second smallest cyber insurance market globally, S&P Global says, a statement that aligns with findings of a Moody’s survey which revealed strong cybersecurity oversight among APAC players compared to global counterparts.

In the region, slightly over 50% of issuers currently have standalone cyber insurance, and though the figure represents a considerable improvement from 38% in 2021, it is still way behind regions like the Americas where 85% of issuers are cyber insurance coverage.

Cyber insurance, also called cyber liability insurance or cybersecurity insurance, covers financial losses that companies have as a result of ransomware attacks, data breaches and other cyber incidents.

The category is experiencing rapid growth within the global insurance market, with volumes tripling in the last five years to gross direct written premiums of US$13 billion in 2022, according to the Swiss Re Institute (SRI). Growth is projected to carry on this year onwards to reach a total premium of about US$23 billion by 2025.

Global cyber insurance premiums (US$ billion), Source: Swiss Re, Aug 2023

Global cyber insurance premiums (US$ billion), Source: Swiss Re, Aug 2023

Cyber risks fueling the growth of cyber insurance in Asia Pacific

The growth of cyber insurance is being driven by booming cybercrime activity. In 2022, malware incidents rose for the first time since 2018, reaching 5.5 billion attacks and growing 2% year-on-year (YoY), according to the 2023 SonicWall Cyber Threat Report. Malware is malicious software which infects a computer and which is specifically designed to disrupt, damage, or gain unauthorized access to a computer system.

Ransomware attacks, meanwhile, was up 50% YoY during the first half of 2023, driven by the availability and accessibility of so-called ransomware-as-a-service, according to the World Economic Forum. Ransomware is a type of malicious software attack designed to block access to a computer system until a ransom is paid.

Finally, distributed denial-of-service (DDoS) attacks reached unprecedented volume in 2022, led by a substantial increase in nation state attacks and continued proliferation of low-cost DDoS-for-hire services. Microsoft says it mitigated an average of 1,955 attacks per day that year, a 40% increase from the prior year.

Cybersecurity trends in 2024

Munich Re highlights several key risks and trends expected to shape the cyber threat landscape in 2024 and beyond.

First, it notes that the adoption of large language models (LLMs) and generative artificial intelligence (gen AI), like ChatGPT, is marking a new era for cyber risks. AI is expected to automate and personalize cyberattacks, making them more efficient and widespread. Moreover, AI-driven phishing and malicious LLMs like WormGPT is projected to empower less skilled attackers, the firm says.

On the positive side, AI can also help improve cybersecurity by enhancing detection, response capabilities, and attack attribution. In the insurance industry, AI is also poised to enhance risk assessment, offer customized coverage, improve incident monitoring, and streamline operations, it says.

Another cyber trend highlighted by Munich Re is the ongoing rise of nation-state-sponsored cyber activities. These actors may exploit AI for disinformation and information warfare, particularly during elections. These nation-state-sponsored activities could also include espionage and destructive cyber operations.

Lastly, disinformation (false content) and malinformation (damaging information) will become costly threats, Munich Re says, with corporate spending on countering malinformation projected to exceed US$30 billion by 2028.

Cybercrime is estimated to have cost organizations US$8 trillion in 2023, up from US$3 trillion in 2015. Cybersecurity Ventures, a researcher and publisher covering the global cyber economy, predicts that this cost will grow by 15% per year in the near term, reaching US$10.5 trillion annually by 2025.


Featured image credit: edited from freepik