2026/01/29 11:40:45

Cyberinsurance

Content

Chronicle
Notes

Main article: Digital technology in the field of insurance

Chronicle

2025

The volume of the Russian cyber insurance market for the year increased to 4 billion rubles

At the end of 2025, the volume of the Russian cyber insurance market reached 3.5-4 billion rubles. The market was showing steady growth, according to data from insurance broker Mains, released on January 28, 2026.

The growing interest in cyber insurance products is associated with an increase in resonant incidents, such as attacks on Vinlab, SDEK, Lukoil, Aeroflot and other companies. According to Kaspersky Lab, in the three quarters of 2025, 81% of Russian organizations were attacked via e-mail.

The cyber insurance market in Russia for the year reached 4 billion rubles

Insurance protection under cyber insurance contracts, the amount of which in Russia is 100-300 million rubles, includes compensation for five main types of losses:

The cost of analyzing the incident and restoring the IT infrastructure.
Financial losses from a break in the company's activities.
Losses caused to third parties (customers, partners).
Costs for legal protection and services of cybersecurity specialists.
Reputational costs.

Ingosstrakh Dmitry Shishkin, head of the liability insurance department of the company, noted that transparency of the loss settlement process, which begins with fixing the incident and a statement to law enforcement agencies, is important for the cyber insurance market.

According to Ingosstrakh's forecast, in 2026, if liability for personal data leaks is tightened, the market growth may be 100% or more. Mains experts expect that by 2027-2028 the market capacity will increase to 7-10 billion rubles.^[1]^[2]^[3]^[4]

The volume of the Russian cyber insurance market is approaching 1 billion rubles

The volume of the Russian cyber insurance market is approaching 1 billion rubles, while maintaining stable dynamics. This was stated by Maxim Ivanov, partner of technology practice at Technologies of Trust. According to him, over the period from 2022 to 2024, the market volume approximately doubled, and growth continues.

In general, according to the expert, the demand for cyber insurance services was a response to the annual increase in the number, cyber attacks reported on September 18, 2025 Kommersant , citing. TASS So, according to the data, at the end MINISTRY OF INTERNAL AFFAIRS 765.4 thousand cybercrimes recorded of 2024 (+ 13.1% in relation to 2023).

At the same time, the real number of attacks, including undiagnosed ones, may be much higher, while the level of disclosure cybercrimes remains relatively low - in particular, in 2024 it did not exceed 25%, Maxim Ivanov specified.

Since 2020, the cyber insurance market in Russia has grown significantly: growth rates reached 30% per year. In 2023-2024, the growth rate slowed down to 10-15%. Among the main reasons for the growth of the market over the past three years, in addition to the increased number of cyber attacks on almost all sectors of the economy, Kommersant also named the localization of cyber risk insurance contracts for subsidiaries of foreign companies in Russia.^[5]

After Aeroflot, no one feels safe. Demand for cyber insurance policies soars - TA opinions

The cyber attack on Aeroflot, which led to the transfer of dozens of flights, once again pointed out to large companies the need to build powerful cyber defenses. Another way to minimize the consequences of hacker attacks is to insure cyber risks. Insurance companies surveyed by TAdviser in August 2025 reported a surge in demand for such policies, which was largely facilitated by what happened to Aeroflot.

The cyber attack on Aeroflot has become a catalyst for many companies in Russia, prompting them to consider acquiring cyber insurance to protect against future threats, says Oleg Hanin, CEO of Insurance Union. - With the increasing number of cyber attacks and incidents affecting various companies and organizations, many businesses have recognized the need to protect against potential financial losses caused by cyber attacks.

Demand for cyber insurance policies has grown in Russia

AlfaStrakhovanie, as Denis Zenka, director of the financial risk and liability insurance department, told TAdviser, in August 2025 there was an increase in demand for cyber insurance policies by about 30%. However, the volume of this market is insufficient and does not correspond to the existing threats, since the business is probably not yet used to digitizing losses from such risks, he clarified.

Denis Zenka also noted that over the past couple of years, the demand for cyber insurance has been gradually growing, but demand does not always translate into contracts. Most often, companies from industry and retail show interest in cyber risk insurance, added the interlocutor of TAdviser.

In the summer of 2025, sales of cyber insurance policies to large and medium-sized businesses doubled, according to insurance broker Mains. According to the co-owner of the broker Sergey Khudyakov, in the first half of 2025, Mains representatives held a number of meetings with large companies with an annual turnover of more than 100 billion rubles on the topic of cyber insurance. Almost all of them took a break and only in the summer, after a surge in cyber attacks, returned with a desire to speed up the quotation process and the subsequent release of cyber insurance contracts, Khudyakov said.

The practice is that there are several months between the first communication and the launch of a full-fledged process. High-profile cyber attacks accelerate the search for a budget and the desire to make the contract as fast and wider as possible, "he explained.

Sogaz also confirms the rise in demand for cyber insurance in Russia. Among the demanded cyber risks are hacker attacks, software failures, data theft, error insurance when introducing new software, which is relevant in light of the active transition of enterprises to Russian software. In addition, as Sogaz said, the business is trying to protect itself from financial losses and legal risks caused by malfunctions of IT systems after updates made by its own specialists. Some companies insure liability to third parties.

And in Ingosstrakh, there is no surge in demand for cyber insurance policies. There is interest in this type of insurance, but within the usual level of the current and last years, says Dmitry Shishkin, head of the Ingosstrakh liability insurance department. He admitted that by August 2025, all the forces of companies are aimed at analyzing their own level of information security and improving it.

Shishkin said that there was no significant increase in demand for cyber insurance in 2024 after attacks on other Russian companies. Large companies from the fields of production, trade and finance are still interested in cyber insurance, the expert added.

The general director of the Insurance Council (SOPOS) Yury Volkov noted that Aeroflot would not be able to buy a cyber insurance policy even if it wanted to. According to him, the development of this market is hindered by a number of factors:

buyers need to disclose the security architecture to the insurer or third parties whom it will involve for audit;
cyber risk insurance contracts practically unpaid in content;
there is no single regulatory concept of a cyber incident (a certificate from the Ministry of Internal Affairs is required to confirm it);
for investigation, it is necessary to give access "inside" to third parties;
it is necessary to prove a causal relationship.

According to the deputy general director for property insurance of the insurance broker ASTMaksim Sapozhnikov, the segment of the cyber insurance market is developing, there are examples of large insurance contracts and compensation payments. High-profile attacks fuel customer interest in cyber risk insurance, says Sapozhnikov. In June 2025, there was a surge in customer activity after the adoption of the law on working fines, but this gradually subsides, since the fines are not insured, the TAdviser speaker added.

2024

The volume of the global market for identity theft insurance for the year reached $6.81 billion

At the end of 2024, expenses on the global identity theft insurance market amounted to $6.81 billion. This is 17% more than in the previous year, when the volume of the sector in question was estimated at $5.8 billion. Such data are provided in the Market Research Future review, which TAdviser got acquainted with in early March 2025.

The main driver of the industry is the deterioration of the security situation, which is accompanied by an increase in the number of incidents related to data leaks. Attackers are constantly improving the tactics used to steal personal information. In particular, artificial intelligence tools are being introduced to automate cyber attacks and phishing campaigns. The growing reliance of users on digital transactions and online services further heightens the risks. In response, insurance companies offer various cyber insurance services to protect businesses and individuals from problems related to Internet use, storage and processing of data electronically. Insurance compensates for damage if other means of digital security are ineffective, and attackers can take possession of personal data.

Analysts note that organizations are increasingly aware of the need to protect corporate or personal information from fraudsters. Any loss, compromise or theft of digital data has a negative impact on the business: this can lead to a loss of confidence in the company, which entails an outflow of customers, or to the financial cost of recovering from a cyber attack. Therefore, enterprises are increasingly purchasing cyber insurance policies that help reduce financial damage in the event of leaks.

One of the main goals of cybercriminals when committing attacks is to steal customer data, such as contact phone numbers, purchase information, personal information and credit card numbers. This data can then be used to organize various fraudulent schemes. With the number of leaks on the rise, regulators in many countries are imposing stricter rules on the security of personal information, forcing companies to guarantee proper coverage.

The authors of the study identify three main types of identity theft insurance: individual, family and corporate policies. In 2023, the first of these segments provided the largest revenue - about $2.3 billion. Family policies accounted for about $2 billion, corporate policies - $1.5 billion. Significant players in the global market are:

Experian;
AIG;
MetLife;
Chubb;
Zurich;
State Farm;
TransUnion;
CNA;
Lifelock;
Liberty Mutual;
Allstate;
Equifax;
Identity Guard;
ADP;
Travelers.

In regional terms, North America was leading in 2023 with costs of $2.4 billion: the dominance of the region is due to the high level of development of the IT sector and growing awareness of the risks of identity theft. In Europe, costs are estimated at $1.5 billion, while the Asia-Pacific region provided a contribution of about $1 billion. South America brought in $0.5 billion, the Middle East and Africa - approximately $0.4 billion.

In general, as noted, the observed trends indicate a steady positive trend. Market Research Future analysts believe that in the future, the CAGR in the market under consideration will be 8.41%. As a result, by 2034, costs on a global scale could increase to $15.28 billion.^[6]

Growth of the volume of the Russian cyber insurance market to ₽3 billion

On February 6, 2025, Pavel Ozerov, co-owner of the Mainsgroup insurance broker, announced that the volume of the cyber insurance market in Russia in 2024 reached ₽3 billion. According to his forecast, in 2025 the figure may increase to ₽3,5 billion. Ozerov noted that the growth of the segment is facilitated by an increase in the number of cyber incidents and increased business interest in protecting digital assets.

According to Kommersant, according to an InfoWatch study, 51% of Russian companies that have faced information leaks do not have insurance protection against cyber risks. Experts attribute this to the low readiness of the business for such risks and the insufficient development of the insurance services market in this area.

The volume of the Russian cyber insurance market for the year reached ₽3 billion

Among companies that did not receive insurance payments, 79% did not even apply for compensation due to low confidence in insurance organizations or exceeding the cost of circulation over potential benefits. In 21% of cases, insurers recognized incidents as non-insurance.

Independent expert Andrei Barkhota points out the difficulties in assessing the possible damage from the actions of cybercriminals. Insurance rules require a detailed transfer of protected information and the cost of access to it.

Co-owner of Mainsgroup Pavel Ozerov notes the unwillingness of information security services and IT divisions to provide insurers with full access to data on security systems to assess risks.

The head of the National Insurance Information System Nikolai Galushin cites statistics according to which 99% of legal entities registered in Russia do not have insurance coverage against data leakage.

InfoWatch research shows that the main obstacles to the development of the cyber insurance market are weak business readiness to manage information risk, distrust of insurance institutions and limited offers in the cyber risk insurance market.^[7]

Reasons for the poor development of the cyber insurance market

Insurance companies cannot offer large customers acceptable conditions for protection against cyber risks due to the lack of statistics to form tariffs and unwillingness to take increased risks. The problem was discussed at a round table in the Federation Council on November 7, 2024.

According to Kommersant, insurers set significant restrictions on the amount of coverage - up to ₽500 million, which is not enough for large organizations. Policies do not cover losses when using unlicensed software and damage from DDOS attacks.

Why the cyber insurance market is developing poorly in Russia

Alexey Yanin, Managing Director for Ratings of Expert RA Insurance Companies, notes that cyber insurance remains an understudied direction, and the lack of accumulated statistics makes it difficult to assess the likelihood of incidents and potential damage.

According to the company "Solar," for the nine months of 2024, 569 cyber incidents were recorded, which is 80% higher than the indicators of the same period in 2023. In the first half of 2024, 49.5 million personal data records were leaked.

Denis Senyukov, head of the financial sector at Informzaschita, points to a conflict of interest: companies seek to shift the maximum responsibility to insurers at minimal costs.

Pavel Ozerov, co-owner of the Mainsgroup insurance broker, proposes to create a single competence center and a platform solution for universalizing the approach to insurance. Such a platform can be RNPK or reinsurance pool.

Experts predict a twofold increase in the volume of the cyber insurance market, which may exceed ₽3 billion by the end of 2024. However, the development of the segment is hampered by the complexity of risk assessment and the lack of compromise between insurers and customers.

The situation is aggravated by the high cost of ensuring cybersecurity and the growing number of hacker attacks. Insurance companies are forced to exercise caution when forming the terms of contracts, which does not meet the expectations of potential customers.^[8]

The number of cyber insurance contracts has grown by 60% over the past two years

AlfaStrakhovanie notes a significant increase in business interest in cyber risk insurance. Over the past two years, the number of contracts has increased by 60%. More often, requests for this type of insurance coverage began to appear from companies with large data centers (data centers), as well as from state-owned companies. The company announced this on May 28, 2024. Read more here.

TC "Zosod" and "Zetta Insurance" have developed a special offer to protect the owners of an electronic signature

UT "Zosod" and the insurance company "Zetta Insurance" have developed a [1] special offer to protect the owners of an electronic signature. About this CT "Foundation" reported on May 13, 2024. Read more here.

2023

The volume of the Russian cyber insurance market has grown to ₽1,3 billion

The volume of the cyber insurance market in Russia in 2023 reached ₽1,3 billion. This became known in mid-October 2024 from the assessment of the insurance broker Mainsgroup.

In 2024, this segment is expected to grow significantly - more than twice. It is predicted that the market size may exceed ₽3 billion. Such a forecast is based on regular surveys of market participants, including insurers, customers and companies specializing in cybersecurity.

The volume of the Russian cyber insurance market increased to ₽1,3 billion

According to Kommersant, cyber risk insurance protects businesses from threats related to Internet use, data storage and processing, as well as working with IT infrastructures. The policy typically covers losses resulting from cyber attacks, including cases using social engineering techniques, disloyal employee actions and technical failures.

According to Sergey Khudyakov, co-owner of Mainsgroup, insurers are showing interest in cyber insurance, since it is a free, unformed market with minimal competition. At the moment, five companies offer insurance against cyber risks: Sberbank, Alfastrakhovanie, SOGAZ, VSK and Ingosstrakh.

Ilya Shalenkov, head of the Kept cybersecurity services group, notes that many companies have realized the need for additional ways to reduce information security risks. In addition, they are ready to demonstrate to insurers the level of their processes and protection measures to obtain an adequate amount of insurance premium.

Experts point to a number of factors contributing to the growing interest in cyber insurance. Among them are the activity of hackers and the increase in the number of cyber attacks. According to the Ministry of Internal Affairs, the damage from cybercrimes in Russia at the end of 2023 amounted to ₽156 billion.^[9]

Increase in the volume of insurance premiums in cyber insurance by 20% to 900 million rubles

The total volume of insurance premiums in cyber insurance in Russia in 2023 reached 900 million rubles, an increase of 20% compared to the previous year, when the indicator was measured at 750 million rubles. Such data in February 2024 led to the All-Russian Union of Insurers (SCS).

As RIA Novosti was clarified in the press service of the BCC, the figures presented are an assessment of all policies with elements of cyber insurance. Specialized cyber risk insurance policies are still being implemented no more than 40% of the total statistics, the union added.

The total volume of insurance premiums in cyber insurance in Russia in 2023 reached 900 million rubles

As Kommersant writes in the issue of January 29, 2024, cyber insurance has long been discussed as one of the mandatory conditions for regulating the responsibility of companies for information security.

It is necessary to oblige companies to have financial support to compensate for harm caused to personal data subjects in case of violation of the law. It can be a bank guarantee, an insurance contract, a reserve fund, - said the deputy chairman of the council for the development of the digital economy under the Federation Council Artem Sheikin to the publication.

According to him, by the end of January 2024, the bill is at the final stage of development, it is planned to be discussed with departments and business at a meeting in the Federation Council in February 2024.

Commercial Director of Bi.Zone Konstantin Levin, in a conversation with the newspaper, noted that within the framework of cyber insurance processes, in addition to the insurer and the customer, a third party is needed that analyzes the situation with the client, but these procedures have not been worked out by the beginning of 2024, and there are no assessment criteria.

According to Vitaly But, Vice President and Head of the Information Security Department of the VSK Insurance House, by the beginning of 2024, cyber insurance in Russia is not actively used within the framework of risk management. Insurers, in turn, are developing this direction, offering new products and services for companies from various sectors of the economy, he said.^[10]

Growth of the Russian cyber insurance market by 80% to 1.3 billion rubles

In 2023, Russian insurance companies earned 1.3 billion rubles from the sale of policies that protect businesses from cyber risks. Compared to 2022, the volume of this market increased by 80%. This is evidenced by the data of Promsvyazbank (PSB), published at the end of January 2024.

As Kommersant writes with reference to the vice-president and director of the department for the development of non-banking services at PSB Aleksei Nazarov, most often large clients from the banking sector or industrial enterprises resorted to cyber insurance in 2023 - usually from the fuel and energy complex and metallurgy. In some cases, the insurance included a cyber audit, which is a service for checking the security of corporate IT systems.

Russian insurance companies earned 1.3 billion rubles from the sale of policies that protect businesses from cyber risks

Other market participants are also talking about an increase in demand for cyber insurance. So, according to Zetta Insurance, the number of new requests for cyber risk insurance in 2023 increased 1.5-2 times. Demand is directly proportional to the growth of incidents with data leaks and hacker attacks, according to the company. In 2023, Roskomnadzor discovered 168 leaks (140 in 2022).

Rosgosstrakh notes the demand primarily from the banking sector and telecommunications companies, which are "today more susceptible to attacks," recognizing that in Russia it has not yet become "significant for the market." At the same time, cyber insurance since the end of 2022 has been discussed as one of the mandatory conditions for regulating the responsibility of companies for information security, the newspaper notes.

The Bank of Russia clarified to the newspaper that cyber risk insurance is one of the tasks determined in the regulator's plan of work until 2025, however, "to establish uniform requirements for such an insurance product, insurers must have developed sufficient experience."^[11]

2022

About a third of companies are confident that cyber insurance will help them recover from the information security incident

Only 6% the Russian of companies as of August 2022 insure cyber risks and 21% plan to use the service, which began to gain popularity only in 2017 after a large-scale epidemic. viruses extortioners Some companies believe that the presence insurance will help to recover faster after being implemented attacks and make the company more secure. The rest are not yet ready to implement the service - mainly due to the lack of a budget for it. These data follow from a survey conducted by experts of the company "," RTK-Solar which announced this on August 11, 2022. Almost 400 respondents took part in the study, including representatives,,,,, and industries financial industries transport retail others ENERGY INDUSTRY. public sectors

As of August 2022, cyber risks are insured, as a rule, by large corporations and organizations with significant budgets and distributed ones. IT infrastructure Almost 2/3 of respondents already working with the service are representatives IT and finance, that is, the most digitalized areas. At the same time, traditionally conservative industries also have such companies. So, 16% of respondents using the service account for and, oil and gas and the electrical power industry same amount for. state authorities

Cyber insurance makes the company more secure - this is the opinion of 61% of those who are interested in the service (already use or plan). 36% of respondents are sure that the payment will help to recover faster after the incident. Also, 2/3 of the respondents believe that their company has become much more attractive (for customers, partners, employees) after the introduction of cyber insurance.

Respondents who do not yet plan to insure cyber risks are the majority. The main barrier 33% of respondents call the lack of budget for this service and its high cost. Moreover, almost 70% of respondents, in principle, are not ready to include information security insurance in their expenses. The financial aspects are mainly indicated by representatives of small and medium-sized businesses. For large companies, the key problem was the management's misunderstanding of the need for such insurance. Other reasons for failure include internal company regulations and a lack of understanding of the value of the service to business.

9% of respondents admitted that at the time of the cyber incident, they regretted that they did not have a cyber policy, thanks to which they could recover much faster.

As you can see, there is interest in cyber risk insurance from organizations. But there is a certain distrust of this service and unwillingness to spend the budget on a tool whose benefit is incomprehensible. However, it's a matter of time, said Darya Koshkina, head of cyber threat analytics at RTK-Solar. - The introduction of the insurance service should increase spending on information security by 10% - this is the opinion of the majority (33%) of those surveyed by us. 15% of companies are ready to budget an additional 20%. However, the policy alone will not help to cope with a cyber attack - before going into insurance, you need to "bring your information security protection to mind." Investments in cyber protection and insurance must be balanced - otherwise such a financial instrument will not be justified.

AlfaStrakhovanie and Fly Drone launch online drone insurance

AlfaStrakhovanie"" and the company Fly Drone"" entered into an agreement on the launch online insurance service of flights (unmanned aircraft BVS). Owners and operators drones will be able to protect their civil liability in case of force majeure and minimize financial losses. AlfaStrakhovanie announced this on June 29, 2022. More. here

2021

Increase in demand for cyber insurance by 60%

The number of requests for quotations and insurance of cyber risks from large and medium-sized businesses in 2021 increased by 60% compared to 2020, the AlfaStrakhovanie study showed, the results of which the company shared on February 4, 2022. This is due to the increase in resonant cases of cyber attacks in Russia and the world and the increased requirements of large companies for their suppliers to protect confidential information.

The greatest interest in protecting such risks is shown banks financial by sector companies, companies engaged e-commerce in and providing, IT services as well as large industrial enterprises that actively automate their own. business processes

As a rule, they choose programs with coverage for damage to the company as a result of interruption of activities and provision of services, as well as responsibility to customers.

Among the key insurance claims faced by cyber risk-insured customers are:

DDoS attacks on web applications,
hacking the company's website,
phishing and further host encryption,
transition to an infected resource and further encryption of hosts,
hacking the infrastructure by cybercriminals with further disruption of equipment, mail, business applications.

Over the past three years, cases of resonant cyber attacks have become more frequent - both in Russia and abroad. The constant threat of their repetition fuels business interest in protecting cyber risks. Also, one of the demand drivers was the federal law "On Information, Information Technologies and Information Protection" from 27.07.2006 N 149-FZ. More and more companies understand the need to take IT risks into account when building risk management policies. In addition, large companies began to oblige their suppliers to issue cyber risk insurance contracts, "said Ekaterina Kryuchkova, head of the financial risk insurance department at AlfaStrakhovanie. - Insurance protection will help reduce the amount of financial damage to the company as a result of a cyber incident and promptly restore the company's activities.

Accenture to offer cyber insurance with Generali and Vodafone Business

Accenture will offer cyber insurance in conjunction with Generali and Vodafone Business. Accenture announced this on December 27, 2021. Read more here.

President of Uzbekistan signed a document on the digitalization of the insurance market

President Shavkat Mirziyoyev on October 23, 2021 signed a decree aimed at developing the sphere insurance and digitalizing it. More. here

83% of Russians began a thicket to use insurance online services against the background of a pandemic

On June 1, 2021, information appeared that 83% of Russians began to chashche use online insurance services amid the pandemic. Such data are given according to the results of a study conducted by the All-Russian Union of Insurers (BCC) and AS & M. Over the past 12 months, 74% of respondents to the total number of consumers who received insurance services over the past year have used digital insurance services.

The most popular online insurance services were the purchase of a new policy and the extension of the insurance contract (used by 51% of respondents). The demand is followed by an online settlement without a visit to the office and an application for an insured event (29% and 25% of respondents, respectively).

The results of a consumer survey demonstrated that the pandemic, combined with the efforts of insurance companies, has become a powerful driver of digitalization in the field of online insurance. More than 60% of respondents are aware of digital insurance services (the exception is online settlement, with which approximately 50% are familiar).

There is a significant increase in trust on the part of the target audience in digital insurance services and the willingness to completely switch to online service. All parameters of the Digital Perception group (trust in digital services of the UK, satisfaction with the use of digital services in insurance and readiness to switch to online service) increased by 5 percentage points compared to the first half of 2020: from 75% to 80%, from 80% to 85% and from 73% to 78%, respectively.

The survey was conducted by the ICS and AS&M as part of a project to calculate the Digital Insured Index (DCI) - the first analytical indicator in Russia, assessing the level of digitalization of products and services of insurance companies for customers - individuals. In the second half of 2020, compared with the first, the ICZ increased by 1 percentage point. - from 43% to 44%.

The ICZ appeared just a couple of days after the president Russia Vladimir Putin instructed the government of the country to approve the digital transformation strategies of 10 key sectors of the domestic economy and the social sphere.

The DPI is calculated on the basis of three groups of parameters reflecting the interaction of insurance companies with retail customers in the digital environment: Digital Presence (digital presence), Digital Practice (digital practice) and Digital Perception (digital perception). Digital Presence assesses the intensity of interaction between insurance companies and customers in digital sales and service channels, Digital Practice takes into account the possibility of online interaction (not only policy purchases, but also insurance claims settlement), and Digital Perception reflects the subjective perception of consumers' experience of interaction with digital services (based on population surveys).

As noted by Marina Belova, CEO of AS&M, the trend of the transition of insurance services online will continue, but the pace of this process is changing.

"We do not exclude that after the abolition of forced isolation in the first half of 2021, we will observe some slowdown in digital transformation or even retrograde processes. It is important to note the fact that there are companies in the industry that have already advanced far along the path of digital transformation, and there is a group of companies that are taking the first steps, and their potential for growing digital services has been exhausted by no more than 10-15%, "Marina Belova emphasized.

According to AS&M specialists, judging by two studies in 2020 and 2021, the share of digital services will gradually grow by 2 percentage points. for the half year. This growth is likely to continue until the share of online services reaches the level of pre-saturation. A certain share of consumers, maybe 20%, and maybe 30%, will use traditional storefronts and options for interacting with insurance companies in the foreseeable future.

According to AS&M, the greatest potential is for online settlement of insurance claims. The consumer is not used to such a practice and doubts its effectiveness. In order for online settlement to become the industry's de facto standard, pioneers in this area need to provide customers with a vivid positive user experience.

The AS&M survey showed that there are some specific products that at the moment were not very in demand. For example, travel insurance abroad (policies that were issued almost exclusively online).^[12]

2020

Increase in demand for cybercrime insurance by five times

Demand for insurance from cybercrimes in 2020 increased fivefold compared to 2019.

The number of policies purchased by companies approached a thousand. This became known on April 10, 2021, according to Svetlana Gusar, vice president of the SCC, who also added that as of April 2021, less than 10 organizations offer these services. It is also specified that the greatest demand was recorded from credit institutions, as well as from companies whose activities are related to the IT industry.

Thus, Sberbank Insurance (SberStrakhovanie) notes a noticeable increase in interest in such insurance products. In particular, experts associate this with the transition of companies to remote work. At the same time, it is noted that cyber insurance is quite expensive, since banks and insurance companies cannot yet accurately determine the potential losses of companies from cyber purchases.

As reported, the minimum price of the policy is from 5 thousand to 600 thousand rubles per month, and the amount of coverage is in the range from 1 million to 150 million rubles, depending on the conditions^[13].

VSK and Angara Professional Assistance launched a cyber insurance product

Insurance House VSK and Angara Professional Assistance have launched a cyber insurance product based on Kaspersky Lab technologies. This was announced on October 26, 2020 by Angara Technologies Group.

The intelligent basis of the information security service is Kaspersky Lab's software solution for protecting against complex and unknown threats - Kaspersky Endpoint Detection and Response (Kaspersky EDR), as well as the Angara Cyber Resilience Platform (ACRP), designed to monitor, investigate and analyze cyber threats. Read more here.

The branch of Ingosstrakh in the Astrakhan region entered into the first cyber risk insurance contract

The branch of Ingosstrakh in the Astrakhan region concluded the first contract for insurance of sites against cyber risks. The Cyber Risks (Sites) insurance program provides protection against loss of significant information on the site and loss of access to it as a result of a cyber attack or virus infection. This was announced on September 28, 2020 by Ingosstrakh. Read more here.

Ingosstrakh introduced a cyber insurance product

On April 20, 2020, Ingosstrakh introduced a product - a cyber risk insurance policy developed in partnership with Informzaschita. Read more here.

2019

Sberbank Insurance insured Dodo Pizza against cyber risks

On July 11, 2019, Sberbank Insurance (SberStrakhovanie) announced that it had insured Dodo Pizza's information systems and resources against cyber risks, including software, corporate email, Web site, cloud service and databases.

SK Sberbank insurance"" entered into an agreement with Dodo Pizza under the MyCyberInsurance Optima program. The program provides for insurance of losses from a break in economic activity and from unauthorized debiting of money from a client's account as a result of a cyber incident, as well as insurance of civil liability for harm that can be caused to third parties as a result of a cyber incident.

According to, in to data FinCERT 2018, the number of unauthorized transactions from the accounts of legal entities increased 7.3 times to more than 6 thousand, and the amount of theft from cyber attacks amounted to about 1.4 billion rubles. These are very impressive numbers, so one of the key tasks of the business is to protect information systems from cyber threats, and not only by optimizing and improving IT technologies, but also by insurance against cyber incidents,

Dodo Pizza is an international pizza chain. We use information technology to improve processes and make a stable quality product. At the heart of our network is the cloud management system of the Dodo IS pizzeria. This is an ERP system that covers all aspects of our business: customer orders, a mobile application and a website, processes for preparing pizza in a pizzeria, the work of the cash register and accepting payments, all the operational work of a pizzeria and much more. This is a very large part of our business and it is important for us that our information system works smoothly, so we invest in its development, including IT protection, and now also in insurance protection,

Sberbank Insurance: Cyber insurance market may reach 8-10 billion rubles by 2025

On May 24, 2019, the company Sberbank Insurance (SberStrakhovanie)"" announced that Russian insurance market cyberrisks it could reach 8-10 billion rubles by 2025. The main incentives for the development of this segment will be the growth of cyber threats against the background of the development of digital technologies, improving legislation in the field data protection and increasing the information culture of citizens and entrepreneurs.

According to the company, the number of cybercrimes Russia in is constantly growing. By, in to data MINISTRY OF INTERNAL AFFAIRS 2018 there were 92% more of them than in 2017. According to the data, in FinCERT Bank of Russia 2018 there were 417 thousand unauthorized operations payment cards using a total of 1.3 billion rubles. This is 31.4% more in quantitative and 44% more in monetary terms compared to 2017. According to Sberbank estimates, by 2022, 1 trillion devices will be connected to the worldwide network, and the damage from cyber attacks may global economy grow to $8-10 trillion per year.

The main risks to business data breach are production downtime due to DDoS the attack, impact harmful viruses and use of social engineering methods by attackers. According to expert estimates, the average damage from a cyber incident for large companies is 11 million rubles, for small and medium-sized businesses - 1.6 million rubles. Faced with cyber incidents, companies are increasing budgets by. safety In addition, the demand for protection against cyber threats with help is gradually beginning to form. We insurance expect an "explosive" growth of the cyber insurance market in the five-year term, by 2025 the share of this segment in the all-Russian non-life insurance fees may amount to about 0.5-0.7%

Vladimir Novikov, Risk Director of Sberbank Insurance

The volume of the Russian cyber insurance market for May 2019 is measured in tens of millions of rubles, but in the coming years, analysts at Sberbank Insurance expect the rapid development of this segment. The main contribution to the formation of "fashion" will most likely be made by large companies, but the bulk and demand will be formed by small and medium-sized enterprises, as well as individuals - everyone who uses a smartphone.

SK Sberbank Insurance was the first in Russia to offer mass products for cyber risk insurance. So, in 2017, the company included in the insurance package for small businesses the risk of a break in production as a result of cyber attacks. At the end of 2018, the company offered this type of insurance to individuals, including the risk of cyber threats in the bank card insurance product. For six months of action, such policies have already been issued by about 2 million clients.

2018

AlfaCyber - Cyber Risk Insurance Policy

In February 2018, AlfaStrakhovanie, realizing the importance of insurance protection against cyber operations, launched the AlfaCyber product on the Russian market . A cyber protection policy will minimize the financial and information risks of almost any business or company that will be subjected to cyber attacks in the future.

Cyber threat insurance, ATM and cryptocurrency attacks

Cybersecurity trends in 2018 were presented at the Cyber Security Forum, which takes place in Moscow on February 6, 2018. The event is organized by ROCIT - Regional Public Center for Internet Technologies, RAEK and Digital October^[14].

The first trend: the emergence of new viruses and the expansion of the arsenal of cybercriminals through the use of new technologies

Cybercriminals will attack legitimate software developers more often than end targets. Large companies with reliable and multi-layered cyber defense are at risk. In such cases, it is much easier to use an intermediary, which can be a manufacturer of popular programs used in the corporate segment.
Criminals will continue to actively distribute viruses encoders-. Many attacks with their help can be aimed at industrial systems.
Another attractive target for hackers is personal data. They are characterized as "new oil." In this case, Big Data will be used in the attacks themselves - for more targeted access to the user.
The difficulty of detecting and removing malware will also increase due to the use of DNS, encryption, confusion and other technologies.

Second trend: infrastructure cyber threats

As part of this trend, attacks on software interfaces, massive hacks of routers and modems, hacking of ATMs and POS terminals, strengthening control over the Runet infrastructure, creating a centralized communication network management system, as well as attacks on cloud services are predicted.

Third trend: attacks on cryptocurrencies

For these purposes, cybercriminals will actively use botnet networks for mining, as well as conduct attacks on exchanges and users.

Fourth trend: changes in legislation

In 2018, a law on the security of critical information infrastructure came into force. Thus, the priority trend of companies will be an increase in cybersecurity costs related to KII, which will "provoke" a further technological "arms race."
The authors of the study emphasize that the Central Bank is becoming a regulator in the field of information security for financial organizations.
In addition, from May 25, 2018, the European Regulation GDRP (General Data Protection Provisions) will begin to apply, which will inevitably lead to an increase in the costs of Russian companies whose activities are associated with EU member states.
Also, cybersecurity will be affected by the entry into force or transfer of the "Spring Law," import substitution policy and strengthening requirements for information protection licenses.

The fifth trend: social aspect

As part of this trend, the development of the idea of insurance against cyber threats is noted. Companies will begin to view cyber threats as one of the key commercial risks. As a result of the change in legislation, companies will more often audit the security of their automation systems, assess information security risks and look for ways to reduce or transfer them. Financial institutions and technology companies will be the first to implement insurance for such risks.
Manipulation and hacking of media and social media is also expected to increase in order to profit from retail fluctuations provoked by informational fakes.
At the same time, Internet users will remain a "weak link" and one of the main tools of cybercriminals. Most viruses enter corporate networks through email and opening files and links by employees.

For the first time in Russia, electronic wallets were insured against hackers

MTS was the first in Russia to insure the electronic wallets of its clients against hacker attacks.

'The protection of electronic payment tools is becoming more urgent. Digitalization penetrates all spheres of human life and fraud shifts from the physical world to the virtual one. The threat of cyber risks is increasing, therefore, I am sure we managed to offer a timely solution demanded by the market, "said Igor Fatyanov, CEO of Zetta Insurance

Insurance provides compensation for the theft of funds by hackers up to 10 thousand rubles. Such insurance works only in Russia in the MTS Wallet service. Insurance does not apply to other services, but other players in the market can also use the practice.

2017

Development of cyber risk assessment system AIG CyberEdge

In December 2017, AIG announced the launch of a system that evaluates customer cyber risks and provides more advanced analysis of hacker insurance. Since November 2017, AIG underwriters have been using a computer analysis method that combines information from a new insurance application developed for the process and data on current cyber threats to generate estimates on various co-factors.

Main article: AIG CyberMatics CyberEdge Cyber Risk Insurance

Standards for information risk insurance services will appear in Russia

Within the framework of the Digital Economy program, by the second quarter of 2020, it is planned to develop industrial standards and other regulatory documents for information risk insurance services. It is proposed to entrust this task to the Central Bank of the Russian Federation, the Ministry of Finance and the self-regulatory organization "Association of the Guild of Actuaries."

The draft action plan of the Digital Economy program under the Information Security section also provides for a number of measures aimed at popularizing insurance mechanisms for protecting information resources of enterprises. According to preliminary estimates, the federal budget expenditures on the popularization of cyber insurance will amount to 200 million rubles. The document was developed by the competence center in this area, created on the basis of Sberbank.

The content of the insurance service for cyber insurance is not standardized, in world practice it varies from country to country and depends on the legislative environment, the document says. - Tracing paper from an American or Western European product practically does not meet the needs of enterprises in Russian jurisdiction. Accordingly, there is a risk of a gap (gap) between the insurance coverage offered by international insurers and the risks of domestic companies.

By September 2018, it is proposed to develop rules for collecting, processing and transferring information on information risk insurance contracts, insurance events and payments to a single database. A register of such contracts should also be maintained. According to the authors of the document, statistics will be required to charge cyber risk insurance products.

It is planned that by the beginning of 2019, cyber risk insurance will be attributed to the cost of accounting. The corresponding amendments are proposed to be made to Art. 263 of the Tax Code, including in the costs of compulsory and voluntary property insurance the costs of cyber risk insurance. In particular, the responsibility of personal data operators and interruptions in activities as a result of cyber risks should be taken into account.

As the authors of the document explained, the attribution of insurance costs to cost in accounting will allow you to insure information risks from cost, and not from profit. To this end, it will be necessary to amend the insurance legislation in terms of allocating cyber risk insurance into a separate type of insurance and equating information risk insurance with insurance of "physical" assets of the enterprise.

For personal data operators, it is proposed to normatively consolidate the obligation to have a financial guarantee of responsibility in accordance with the class of the information system for the processing of personal data. Own funds, a bank guarantee and an insurance policy can be used as a financial guarantee.

In addition, it is planned to introduce a standard for mandatory information security audit for enterprises of certain sectors of the economy (for example, financial and banking sectors, strategic industries - metallurgy, mechanical engineering, shipbuilding, aircraft industry, etc., as well as airports, train stations, ports, etc.).

In particular, it is proposed to introduce requirements for compulsory insurance of cyber risks in these industries, while the list of risks should include risks of interruption in activities as a result of the implementation of cyber threats. At the same time, it will be logical to introduce a requirement from the Central Bank for insurance companies to reinsure cyber risks in the RNPK, the authors believe.

It is expected that through the introduction of these measures, insurance will be carried out on the basis of a risk assessment, and the availability of an audit report will simplify and speed up such a risk assessment. In addition, mandatory cyber insurance for certain industries will create an appropriate market.^[15]

Mains: The cyber insurance market will reach 1 billion rubles by 2025

In November 2017, the insurance broker Mains Insurance Brokers & Consultants (Maines Insurance Brokers and Consultants, MSBK), Allianz and Infosecurity presented a forecast for the development of the cyber risk insurance market in Russia. According to experts, by 2025, insurance premiums in this market will reach 1 billion rubles.

Cyber incidents

In 2017, in the European Region, which includes Russia, cyber risks ranked second among the most serious risks to enterprises. This is stated in the annual Allianz Risk Barometer study, which is conducted among directors and risk managers of large enterprises.

In 2016, Russia ranked second in terms of the number of registered information leaks (213 registered cases of leakage of confidential information and 70 million attacks on Russian information resources). On average, one stolen entry costs the company $158, and in the future this figure may increase to $200-300. The damage from cyber attacks in Russia in 2015 amounted to 203.3 billion rubles (0.25% of GDP).

Among the high-profile cyber attacks in Russia in recent years are personal data leaks and SMS from the mobile operator Megafon in 2011, attacks on banks for extortion (an incident with Bank St. Petersburg) in 2016 and 2015, as well as attacks by the WannaCrypt0r 2.0 virus. In March 2017, the virus penetrated a number of ATMs, enterprises (Megafon, Russian Railways), banks (Sberbank) and state institutions (Ministry of Internal Affairs).

The affected organizations were not immune to cyber attacks. What could be the amount of potential damage? According to the insurance company Allianz, large companies on average spend about 11 million rubles to eliminate the consequences, medium and small - 1.6 million rubles. And this is without the size of a direct loss.

Against the backdrop of increasing threats, investment in information security is desperately needed. At the same time, you need to remember that preventive measures do not give a 100% guarantee, which is why it is important to think about minimizing possible damage if the attack could not be stopped. For such cases, there are cyber risk insurance products.

The volume of insurance premiums in Russia in this market does not exceed 10 million rubles. However, according to Mains Insurance Brokers & Consultants, exponential market growth will begin in 2019, and in 2025 its volume will reach 1 billion rubles.

Importantly, there is a direct relationship between the rate of leak detection and neutralization and the cost of settlement. Every year, such costs are growing, which indicates the need to invest in data protection technologies and develop internal expertise to reduce response time and leak detection, as well as be sure to compensate for the cost of attracting third-party experts to reduce the amount of loss.

Cyber Risk Insurance Legislation

In Russia, legislation in terms of violation of the safety of data is poorly developed. The amount of fines varies from 1 to 50 thousand rubles. However, the situation should change in the coming years. Within the framework of the Digital Economy program, the state is implementing measures aimed at forming a civilized cyber insurance market in Russia. One of these measures may be the mandatory purchase of a cyber risk insurance policy.

"Legislative bodies, both in Russia and abroad, are showing great interest in regulating the online environment and content - confirmation of this is the" Spring Law "and GDPR, which should enter into force in the summer of 2018. Simultaneously with the tightening of requirements for the work of companies, these laws increase the value of personal data themselves. Even if cyber risk insurance does not become mandatory, there are more and more legislative prerequisites for voluntary cyber risk insurance, "comments Vadim Mikhnevich, Deputy Director of the Allianz Financial Line Insurance Department

Large European banks began to actively insure capital against cyber attacks

Increasingly, banks are turning to insurance companies in order to protect their capital from operational risks, including cyber attacks and impure employees. Representatives of insurance agencies said they would be able to help creditors, in the form of an additional level of expertise on their part.

After a series of expensive lawsuits and interruptions in the IT infrastructure, banks such as Credit Suisse, Deutsche Bank and Lloyds began to look for ways to minimize costs for such episodes. Partial coverage of risks by insurance companies was recognized as the most optimal way out of the situation.

Most such insurance contracts are drawn up privately, and details are not published anywhere. However, the sale of CHF 220 million worth of bonds by Credit Suisse Bank to cover possible operational risks attracted public attention last year.

Bond buyers were given favorable terms with more than 4% per annum, but they may also suddenly lose their investments, for example, if bank employees are charged with committing malfeasance or a cyber attack is committed on the bank.

Insurance company Zurich Insurance took over the coverage of potential losses.

Insurance companies hire operational risk specialists who have experience in large banks to better understand the overall picture and adequately assess the situation in financial institutions.

The Basel Committee on Banking Supervision defines operational risk as "the risk of loss as a result of inadequate or improper actions in dealing with internal processes, personnel, systems or as a result of external factors." The definition includes cyber attacks, IT infrastructure outages, industrial espionage and financial fraud.

Banks first began looking at operating risk insurance ten years ago, just before the onset of the financial crisis. Then the discussion of this issue was postponed until better times. And so, according to insurance agents, last year several banks again began to show increased interest in this topic^[16].

Compulsory cyber risk insurance may appear in Russia in 2022

Russia In plan to create a large-scale market for insurance against cyber risks. The working group is headed by. Sberbank The policy information security may become mandatory from 2022 for the Ankov sphere, airports and train stations, as well as for the metallurgy, mechanical engineering, shipbuilding and aviation industries. The newspaper "" writes about this Businessman with reference to the program action plan.

In addition, an industrial standard for mandatory information security audit will be introduced in Russia. It will spell out the conditions for insurance and the collection of statistics, models of actuarial calculations of tariffs.

To implement the project, it will be necessary to amend the Law on the Organization of Insurance Business - add a new type of insurance. At the same time , project costs will have to reduce the tax base, so amendments will also be made to the Tax Code.

2011

In Russia, information security risk insurance is a relatively new and largely low-demand area. In Russia and abroad, the most common insurance program, which as one of the components includes insurance against electronic and computer crimes, is currently the program of comprehensive property insurance of banks (Bankers Blanket Bond, BBB). At the same time, 80% of losses for this type of insurance are incurred by banks due to disloyalty of personnel, expressed in the theft of funds from bank accounts using computer systems. Since in this case it is often difficult to quickly determine whether the bank was attacked by cybercriminals from inside its IT infrastructure or outside, banks often practice, along with a BBB policy, to purchase Computer Crime policies that insure against external cyber attacks.

There are also unique projects of insurance programs developed in our country. The authorship of one of them belongs to Allianz. It offers remote banking insurance against damage during attacks not only on information systems of RBS banks, but also on client ones. In practice, there are already precedents of insurance payments for such insured events.

Allianz representatives expect that since the beginning of 2013, interest in shifting RBS risks to insurers will increase due to the onset of mandatory for banks under the law "On the National Payment System" to reimburse RBS customers for damage from theft of funds in bank accounts from January 1 of the new year.

The cost of insurance, both under the BBB and Computer Crime programs, and in general, is determined by the terms of insurance and the results of the insured's pre-insurance examination. The examination is carried out either by independent experts or by experts of the insurance company. During the audit, experts identify such indicators as the number of employees of the insured, loss statistics, the organization of access to certain information blocks, the means of protection used, certificates of compliance with current regulatory requirements, etc. Based on the results of the audit, the cost of insurance and the insured amount are determined.

The resulting document regulating the relationship between the insured and the insurer is the insurance contract - the insurance policy. The higher the security of its IT resources is demonstrated by the insured (including using documents confirming compliance with current standards and laws), the cheaper insurance costs him (including the cost of the audit itself). Currently, each Russian insurer has its own criteria, which it uses when assigning an insurance amount and an insurance premium.

Insurance of information security risks is mainly carried out by banks and representative offices of foreign companies that comply with the requirements of corporate standards. At the same time, the range of information security risks (even in the banking sector alone) and losses from them are much wider than those covered by BBB and Computer Crime policies.

The closeness of the activities of Russian financial institutions prevents the insured from conducting a mandatory and sufficiently detailed questionnaire of potential policyholders to find out what and to what extent information security risks they are subject to. Practice shows that as soon as such a questionnaire is approved by the information security service of the bank, it falls under the cloth and the insurance transaction often 'dies'. Experts argue that only providing insurers with the necessary information will be able to turn the tide for the better in the field of insurance of banking information security risks.

The bulk of insurance companies operating in Russia are not engaged in insurance of risks associated with the use of IT, but are focused on those segments where insurance amounts and the amount of coverage of risks are much easier to calculate.

Those few insurers who work in Russia in the field of information security risk insurance use mainly foreign experience to determine the conditions of insurance. Thus, in international insurance practice, the audit is paid by the one who initiates the insurance contract. There are frequent cases when the insurer allocates about 2.5% of the insurance premium for the audit of the insured.

In 2011, the non-profit partnership "ABISS Information Security Standards User Community" was formed in Russia. One of the tasks of the information risk insurance committee created within the framework of the ABISS is to analyze legislation, standards and practice of their application in order to develop proposals for improving the regulatory framework in the field of information security risk insurance. Among other functions of the committee, explanatory work in the professional environment on the practical application of recommendations and rules for insurance of information security risks, initiating independent examinations of insurance events, developing general recommendations for drawing up rules governing the relationship between the insurer and the insurer in the field of insurance of information security risks, starting with the contents of the questionnaire, which begins the audit.

The Bank of Russia Standard for Ensuring Information Security of Organizations of the Banking System of the Russian Federation (STO BR IBBS) recommends insuring part of information security risks. Since the number of cases related to false payment documents is multiplying in Russian courts, electronic payment systems, the amount of amounts stolen using IT is growing, and the consideration of such cases stretches from six months or more, you can expect, that the recommendations of STO BR IBBS in terms of the use of information security risk insurance as a compensation mechanism, shifting the severity of litigation onto the shoulders of the insurer, an increasing number of Russian banks will follow. Experts also expect that the range of possible insurance cases in the field of information security will expand, extending to support the availability of IT services, ensuring the requirements of regulators, etc.

Notes

Источник — «https://tadviser.com/index.php/Article:Cyberinsurance»

The site content is translated by machine translation software powered by PROMT. The machine-translated articles are not always perfect and may contain errors in vocabulary, syntax or grammar. Read original article
If you find inaccuracies or errors in the results of machine translation, please write to editor@tadviser.ru. We will make every effort to correct them as soon as possible.

Simple Link

How to create a "smart plant": Key characteristics of a modern digital enterprise 14700

Model Studio CS: How to use BIM to give new impetus to the development of the fuel and energy complex 17000