Approximately 90% of the total losses incurred by cyber attacks worldwide are not covered by insurance, far exceeding the protection gap associated with natural disasters.
That is according to a report from the Geneva Association, which estimates that the natural catastrophe protection gap has narrowed from around 78% to 70% over the last 30 years.
In contrast, virtually all cyber losses remain uninsured, with attacks thought to cost the global economy around $400bn every year - almost twice the average amount caused by natural disasters.
"Risk exposures tend to outgrow premiums, leaving individuals, households, firms and the public sector underinsured," Geneva Association secretary-general, Anna Maria D'Hulster, said.
"The digital transformation of modern economies creates a major gap between cyber risk exposure and available risk management and transfer options."
The report explains how protection gaps are caused by affordability, product appeal, service quality and policyholder trust, while insurers cite transaction costs and limits to insurability.
It highlights how estimating the cyber insurance gap is particularly hard because firms are likely to understate the damage caused by attacks, and have no obligation to disclose incidents.
Annual gross premiums for cyber insurance coverage are thought to be between $3bn and $3.5bn, but are expected to more than quadruple to around $16.9bn by 2023.
It was also found that the closing protection gap for natural disasters has been largely limited to high- and upper middle-income countries, where they have fallen to around 55% and 86% respectively.
However, the gap in lower middle- and lower-income countries remain in excess of 95%, with the Geneva Association arguing that demand and supply factors for insurance coverage must be addressed.
"A joint stakeholder effort appears to be a necessary condition for effectively narrowing protection gaps," commented Geneva Association senior advisor, Kai-Uwe Schanz.
