En raison de la grève de Postes Canada, il y aura un délai dans la livraison des livres.

FREE Membership Sign in

JavaScript is disabled in your browser.

In order visualise this page, please follow these steps.

Smallest companies create the biggest exposures for cyber insurers

By Kate McCaffery | March 6, 2025, 10 a.m.

Photo: Adobe Stock

Ransomware has become the most common claim, according to 70 per cent of the world’s 60 largest cyber insurers, while on a per-claim basis, business interruption claims are more expensive than incident response claims.

These findings, and others, are part of inaugural research conducted by AM Best, which found that the majority of limits are covering businesses with less than $10-million in annual revenue. The survey of the world’s largest cyber insurers – the sample represented approximately $8-billion in premium, approximately half of estimated global cyber premiums – says these insureds have the most exposure in terms of limits. Per policy, the largest average limits are for those insureds with annual revenue of $1-billion. (All figures in U.S. dollars.)

Ransomware and data breaches

The majority of claims paid were for incident response, they add, “which could be first party, such as ransomware, or third party such as a data breach,” they write in the commentary Cyber Insurance Survey Highlights Systemic Risk, Particularly on SMEs. “This indicates there is a tail on cyber business since reserves are over USD $1-billion for such claims.”

The report discusses modelling: Of the 41 responses received, 30 used catastrophe modelling, ten used only probabilistic models, five companies use only deterministic models and 15 use both. “Catastrophe modelling for cyber events is still in its nascent stages,” they write.

Systemic risk

That 80 per cent of all cyber policies are held by small businesses, they add, highlights the systemic risk of cyber insurance: “That any of these small businesses could be using the same cloud service or another common service illustrates how one outage or attack would impact several policies.”

Broken down, insureds with annual revenues under $10-million (more than 1.4-million policies) held 73.1 per cent of all policies, representing 52.7 per cent of limits. Those with revenues between $10-million and $250-million held 16.1 per cent of all policies, representing 26.2 per cent of limits. Those with revenues between $250-million and $1-billion, along with those with annual revenues over $1-billion, each held 1.7 per cent of all policies, representing 5.2 and 7.9 per cent of limits, respectively.

The most popular in P&C

Opportunities for modernization exist in credit protection insurance