In an FSI Insights paper, the Bank for International Settlements' Financial Stability Institute reviewed the cyber insurance market and concluded that, despite rising cyber risk, coverage remains limited and the market faces persistent challenges around policy clarity, pricing and systemic accumulation risk. The paper presents cyber insurance as a potentially important tool for firms' cyber resilience and loss recovery, but says the protection gap is large, with an estimated 99 percent of global economic cyber losses uninsured and small and medium-sized enterprises particularly underinsured. The paper says cyber insurance products have become more standardized, typically combining first-party and third-party cover, but important gaps and ambiguities remain. It highlights continued concern over non-affirmative or silent cyber exposure, exclusions for risks such as state-sponsored attacks and certain infrastructure failures, and difficulties pricing cyber risk because loss data are scarce, threats evolve quickly and losses can be highly correlated across shared cloud, software and service providers. Accumulation risk is identified as a central prudential issue, as a single outage, vulnerability or ransomware event can trigger claims across many insureds and multiple lines of business. The paper also notes that although the global cyber insurance market reached USD 15.3 billion in gross written premiums in 2024, growth has moderated, and even large corporates may find available limits insufficient for severe events. To support sound market development, the paper points to risk-based pricing, prudent underwriting, clearer contract wording, stronger data and incident reporting, and closer attention to third-party dependencies. It also says narrowing the protection gap will require a multistakeholder approach involving insurers, supervisors and governments, with public-private backstops or terrorism-style pools potentially needed for risks that are not commercially insurable.

Original source Back to tracker