Cyber insurance is rapidly growing in popularity, and for good reasons. For years now, we’ve been underscoring the true cost of cyberattacks both to businesses and individuals. It isn’t cheap. That’s why it’s far better to have cyber insurance and not need it, than to need it and not have one. That isn’t just a baseless statement, though. It’s backed by statistics – statistics that we’ll discuss in this report to further emphasize why cyber insurance is a necessity.
Cyber Insurance Statistics
Cyber insurance statistics cover a wide set of data about market size, claims, cybercrimes, and more, but let’s start with a general overview of the cyber insurance market.
Market Size and Predictions
Cyber insurance is already a big market, but it might grow even bigger in the future. Here’s what we know about the size of the cyber insurance industry so far:
- Market size: The global cyber insurance market reached approximately $15 billion in 2024, marking steady growth from previous years. This represents a compound annual growth rate of nearly 30 percent since 2012.
- Future growth: Industry analysts project the cyber insurance market will reach $29 billion by 2027.
- Distribution: Business cyber insurance continues to dominate the market, accounting for approximately 75 percent of total premiums. Personal cyber insurance, while still a smaller segment, is growing as individuals become more aware of identity theft and online fraud risks.1
Cybercrime by the Numbers
One of the main drivers of the cyber insurance market growth is the rise in the number and severity of cybercrimes. Here are some of the most noteworthy statistics we’ve gathered about cybercrime:
- Ransomware hits record highs. In 2024, ransomware was involved in 44 percent of all breaches and 75 percent of system-intrusion breaches.2
- Cybercrime reports surge. The FBI’s Internet Crime Complaint Center (IC3) received over 880,000 complaints in 2023, with reported losses exceeding $12.5 billion – a 22% increase from the previous year.3
- Data breaches expose billions. In 2023 alone, data breaches compromised nearly 350 million victims, marking a 72 percent increase from the previous all-time-high. The healthcare sector faced the highest number of breaches.4
- Identity fraud devastates victims. Identity fraud caused $23 billion in losses in 2023. The average victim spent 10 hours resolving identity fraud issues.5
- Cyber attacks are the most common: For those that are slightly to somewhat familiar with cyber insurance, 70 percent have experienced a cyber attack, followed by identity theft at 69 percent, cyberbullying at 64 percent, and cyber extortion at 69 percent.
Did You Know: Personal cyber insurance doesn’t only cover fraud, malware, and cyberscams, but also cyberbullying. Some cyber insurance companies reimburse policyholders for income loss or private tutoring costs resulting from cyberbullying.
Cyber Insurance and the COVID-19 Pandemic
While the acute phase of the COVID-19 pandemic has passed, its impact on cybersecurity and insurance continues to resonate. The shift to hybrid work models has permanently altered the cyber risk landscape, creating new vulnerabilities that persist today:
| Type of cyberattack | 2019 | 2020 | Percentage of increase/decrease |
|---|---|---|---|
| Social attacks (phishing, vishing, pharming, etc.) | 114,702 | 341,342 | 197.60% |
| Credit card fraud | 14,378 | 17,614 | 22.50% |
| Investment scams | 3,999 | 8,788 | 119.80% |
| Malware | 2,373 | 1,423 | -40% |
| Identity theft | 16,053 | 43,330 | 169.90% |
| Ransomware | 2,047 | 2,474 | 20.90% |
| Denial of service (including TDoS) | 1,353 | 2,018 | 49.20% |
Additionally, security experts report that these attack vectors have evolved significantly since the pandemic era:
- AI-enhanced phishing campaigns that are increasingly sophisticated and harder to detect
- Supply chain attacks targeting third-party vendors and software providersdistributed denial-of-service (DDoS) attacks
- Data-harvesting malware like spyware
- Malicious domains exploiting current events and trending topics for social engineering.6
Cyber Insurance Claims Statistics
Cyber insurance covers a wide variety of cyberattacks, but statistics show that most cyber insurance claims from businesses relate to breaches. A 2020 study showed that 73 percent of insurance claims between 2013 and 2019 fell under the insuring clause of incident response and crisis management of breaches. Data privacy liability, cyber extortion, network business interruptions, and recovery and restoration of data assets were the five most common cyber insurance claims.7
| Insuring clauses | Average percentage of claims between 2013 and 2019 |
|---|---|
| Data breach or incident response and crisis management | 73% |
| Data privacy liability / privacy breach | 9% |
| Cyber extortion | 6% |
| Network business interruptions | 4% |
| Data asset protection | 2% |
| Regulatory | 1% |
| Network security liability / security breach | 1% |
| Social engineering attack | 1% |
| Dependent network interruption | 1% |
| System failure | 1% |
| Others | 1% |
The same study found that data breaches were also the most frequently reported loss events — that is, cyber incidents that caused companies to lose money. Breaches also caused the largest amount of losses, followed by business interruptions, ransomware, DDoS attacks, and social engineering fraud.
Familiarity and Experience with Cyber Insurance
We asked U.S. adults about their familiarity with cyber insurance, whether they have used it, and if not, why.
- 66 percent of U.S. adults are familiar with cyber insurance in general. Of those who have experienced cyber crime, 59 percent are somewhat to very familiar with cyber crime, compared to 35 percent of those who haven’t experienced cyber crime.
- For those who have not bought cyber insurance, the main reason they don’t have policies currently is needing to do more research at 40 percent. The second most common reason is thinking that it costs too much at 34 percent.
- 43 percent of U.S. adults think that annual premiums for personal cyber insurance policies of up to $25,000 of coverage cost under $100. Only seven percent believe these policies cover over $200.
>> Also read: A Guide to Understanding Cyber Insurance
Data Breach Insights
Seeing that data breaches are the most common cyber-related problems of businesses today, we think it’s only appropriate to look deeper into the issue.
What Is a Cybersecurity Breach?
Think of a cybersecurity breach like someone breaking into your house, but instead of taking your TV, they’re after your digital valuables. That can include your personal information, financial data, or business secrets. It happens when unauthorized individuals gain access to computer systems, networks, or data they shouldn’t be able to see or touch.
Cybersecurity breaches can have these serious consequences, to name a few:
- Leaks of customers’ personally identifiable information (PII) that can lead to identity theft
- Financial losses due to legal actions, liabilities, incident response, etc.
- Business interruption
- Damage to reputation and loss of customers
- Loss of intellectual property
- Vandalism of websites
- Ransoms (e.g., when the attacker threatens to leak or destroy company data unless the business pays a ransom)
Did You Know: If a company you do business with experiences a breach, see if the breach leaked or affected your personal data in any way. Change your passwords and update your email security features right away.
Causes of Data Breaches
While many assume hackers cause all data breaches, the reality is more complex. According to the latest industry reports, breaches stem from various sources – and surprisingly, not all are malicious:
- Hacking: Hackings allowed unauthorized entities to access and steal data by defeating businesses’ cybersecurity measures.
- Errors: The specific nature of the errors varied, including weak employee passwords and system failures that allowed access to unauthorized third parties.
- Social attacks: Social attacks included phishing scams as well as the more advanced spear-phishing scams that target one individual, business, or organization in particular.
- Malware: Actors of breaches used malware to install backdoor access to company data.
- Misuse by authorized users: Some breaches resulted from insiders with authorized access deliberately abusing their companies’ systems for financial or personal gain.
- Physical actors: Physical actors who stole devices that held sensitive data also caused a significant number of breaches.8
| Top causes of breaches | Percentage of breaches it caused |
|---|---|
| Hacking | 45% |
| Errors (human, technical, system) | 22% |
| Social attacks | 22% |
| Malware | 17% |
| Misuse by authorized users | 8% |
| Physical actors | 4% |
Note from our Experts: Business cyber insurance doesn’t always cover social engineering attacks, such as phishing and spear-phishing, even though these are one of the most common causes of breaches. Sometimes, this protection is available as an add-on.
Data Breaches and Small Businesses
Data breaches mostly target large enterprises, because cybercriminals stand to gain more from companies that have more data assets than smaller businesses. However, that doesn’t mean small businesses are safe from data breaches.
- Data breaches in large companies: 72 percent of data breaches affected large companies in 2020, according to Verizon’s report.
- Data breaches in small businesses: The remaining 28 percent of breaches targeted small businesses.
Data Breach Statistics: Cost, Frequency, Severity
Data breaches are undoubtedly a huge problem for large enterprises and small businesses alike, but how huge, exactly?
- Cost of breaches globally: On average, data breaches cost companies $3.86 million.
- Cost of breaches in the U.S.: The U.S. is the most expensive country for data breaches. The average cost of a data breach in the U.S. was $8.64 million in 2020.
- Other consequences of breaches: Breaches also decrease productivity and disrupt workflows. It took companies 280 days on average to identify and resolve data breaches.9
As for the frequency and severity of data breaches, here’s what we found out:
- Record-breaking breach numbers: There were 3,205 publicly reported data breaches in 2023, affecting over 353 million individuals – a 78 percent increase in victims compared to 2022.
- Mega-breaches on the rise: While the total number of breaches has stabilized, “mega-breaches” affecting over 1 million records have increased significantly in 2024. They accounted for more than one billion victim notices, more than the total number of victim notices sent in 2023.10
In essence, we’re seeing a troubling trend. Breaches are becoming more expensive, taking longer to detect, and affecting more people than ever before. This makes cyber insurance not just helpful, but essential for modern businesses.
Benefits of Cyber Insurance
It’s clear that cyberthreats like data breaches are here to stay, and so is cyber insurance. Here are some of its top benefits.
For Individuals
- Financial loss reimbursement: Cyber insurance will reimburse your losses that are direct results of cyberattacks like ransomware, identity theft, and fraud.
- Identity theft protection: Criminals can use information from breaches to commit identity theft and fraud. While cyber insurance can’t stop breaches from happening, it can help you retrieve stolen data and prevent its use in future identity theft.
- Recovery from cyberattacks: Unlike identity theft insurance, which only helps you recover from identity theft, cyber insurance helps individuals recover from a wide variety of cyberattacks, including cyberbullying. Some cyber insurance policies cover reimbursements for lost wages, legal fees, or private tutoring fees that are results of cyberbullying.
For Businesses
- Legal fees coverage: Legal fees resulting from cyberattacks such as data breaches can pile up quickly. If your business has cyber insurance coverage, you will receive some help covering those fees. The maximum coverage amounts of cyber insurance providers range far and wide, from $1 million to $100 million per claim.
- Recovery from a breach: Cyber insurance can help you deal with breaches, from helping you issue state-mandated customer notifications to recovering compromised data.
- Online vandalism recovery: Cyber insurance can assist in your business’s recovery if you experience cyber vandalism. Insurance providers can reimburse you for lost funds, such as a loss of productivity and customers.
Protecting Businesses From Cyberattacks
While cyber insurance will cover your losses from cyberattacks, wouldn’t it be better if you weren’t attacked at all? Here are a few digital security tips to protect yourself and your business from cyber risks like data security breaches:
- Invest in good antivirus software. Antivirus software can prevent cyberattacks that involve malware, so it’s important to invest in the best business antivirus solutions.
- Invest in a good VPN. Similarly, VPNs can protect you from hackers and DDoS attacks, so investing in one of the best VPNs for businesses is also crucial.
- Build a firewall. Firewalls can prevent and detect cyberattacks coming from outside of or within your company. Activating your company emails’ spam filters can also prevent phishing scams.
- Encrypt your data. Encrypting your data is another effective way to protect your business from cyberattacks, especially if you have remote workers. Encryption prevents anyone besides authorized individuals from accessing company files.
- Encourage good password hygiene among employees. While you can’t control how every employee handles their digital security, you can encourage them to practice good password hygiene, especially on their workplace accounts.
- Use two-factor authentication on company computers. Multifactor authentication uses biometrics to verify the identities of employees logging on to their computers, ensuring no one besides authorized users can access your system.
Recap
The numbers paint a clear picture: cyber insurance has evolved from a nice-to-have to a must-have. With the market approaching $30 billion by 2027 and cyberattacks becoming more sophisticated and costly, both businesses and individuals need this protection. The rise in ransomware attacks, the explosion in data breach costs, and the increasing targeting of small businesses all point to one conclusion. In today’s digital world, cyber insurance isn’t just about recovering from attacks; it’s about surviving them.
Frequently Asked Questions
To end this report, let’s answer some of the most frequently asked questions about cyber insurance.
-
How much is the cyber insurance market worth?
The cyber insurance market reached approximately $15 billion in 2024 and is projected to grow to $29 billion by 2027, according to industry analysts.
-
Do individuals need cyber insurance?
Yes, individuals need cyber insurance. Personal cyber insurance reimburses financial losses from cyberattacks like identity fraud. With data breaches exposing billions of records annually and identity theft affecting 15 million Americans, having coverage for these increasingly common threats makes financial sense.
-
Do small businesses need cyber insurance?
Yes, small businesses should have cyber insurance. Data shows that small businesses are a prime target of cyberattacks and the results can be devastating. A significant number of small businesses go under after a cyber attack.
-
Does cyber insurance help in restoration?
Yes, cyber insurance helps in the restoration of personal and company data in the case of breaches. Personal cyber insurance works like identity theft protection services in that it helps policyholders recover their lost identities to prevent future fraud. Business cyber insurance is much more comprehensive in that it also covers legal fees and assists in processes such as notifying customers of breaches.
