‘Cyber-crime is the crime of our era, of our generation,’ TalkTalk (TALK) chief executive Dido Harding told reporters after a 15-year-old from Northern Ireland allegedly hacked the telecom company’s website.

The attack made headlines because it put the details of TalkTalk’s four million customers at risk of falling into the hands of fraudsters. The good news for the company itself was that while its reputation was under threat TalkTalk had bought a specific insurance policy to cover the costs related to such an event.

Cyber insurance is still in its infancy in the UK with £160 million worth of premiums written in London, according to government figures. But with increasing reports of people using computers to steal money or data from companies, the need to transfer such a huge commercial risk to a third party is set to make it one of the fastest growing classes in the insurance industry.

Indeed, global cyber insurance premiums will reach $20 billion in 2025 up from $2 billion a year today, according to German insurance giant Allianz’s (ALV:DE) estimates. That’s a compound annual growth rate of more than 20%.

If this proves to be an accurate projection one way investors can play the growing incidence of such crimes is to add shares of a cyber insurance provider to their portfolio. This could be difficult due to the lack of a specialist player trading on the London Stock Exchange. Investors looking to gain exposure to the expected rise in cyber insurance premiums will have to buy a mainstream insurer that provides the service alongside more established home and motor lines, such as Hiscox (HSX) and Beazley (BEZ).

Shares’ preferred choice, however, is Novae (NAV). The group is expanding its cyber insurance division and has a sound wider business providing high margin niche business lines, such as fleet car cover or homes where ex-convicts live. The group’s overall combined ratio fell to 89.9% in the six months to 30 June from 91.8% at the end of 2014. This means the group made a 10% profit on the premiums it collected during the period once claims and expenses had been accounted for.

Growing market

Cyber insurance policies cover the costs resulting from a data security breach, which typically means notification, damages and investigation. This involves notifying customers that their data has been stolen, which could involve a PR campaign encompassing newspapers, radio or TV. Legal costs and any damages arising from customers suing the company can be included in policies as well as forensic investigations to discover what has gone missing.

Insurance is needed. Cyber crime costs the global economy $445 billion a year, according to US think-tank the Center for Strategic and International Studies (CSIS). And with more and more incidents reported since, it is safe to assume that the true cost could be higher.

Several household names have been the targets of such attacks, including electronics and entertainment giant Sony (6758: TYO), dating website Ashley Madison, white goods and mobile phone retailer Dixons Carphone (DC.) and credit checking agency Experian (EXPN).

The issue is not only about stealing customer details as in the case of Ashley Madison or publishing internal emails following the hacking of Sony’s servers. Extortion and disrupting operations by causing technical failures to hit revenue and increase costs are reasons to be vigilant.

Increasing awareness of the problems someone hacking into a company’s systems can cause will not be the only driver of demand for this product. Laila Khudairi, a cyber-insurance underwriter at Lloyd’s insurer Tokio Marine Kiln, says regulation will be a catalyst for further growth with new European regulations expected to be brought in line with the US where a company is legally obliged to tell customers there has been a data breach. ‘That increases the exposure of the company and they will want to transfer risk,’ she says. ‘UK companies are buying cyber insurance often for business interruption.’

Buying Protection

The number of cyber-security data breaches is rising and is expected to continue to do so. Nine out of 10 organisations with more than 250 employees have suffered a security breach up from around eight in 10 during 2014, according to UK government report The Information Breaches survey 2015. For companies with less than 50 employees the level rises to 74% from 60% in 12 months.

Of the 664 companies surveyed across a range of industries, 59% believe there will be more security incidents in the coming year.

The survey discovered that 39% of large companies and 27% of smaller businesses have insurance that would cover them in the event of a cyber security breach. Of those without cover, 12% intend to buy such a policy in the next year but worryingly 47% felt it wasn’t a priority while 19% don’t know such coverage exists.

These figures do not necessarily mean that those without specific cyber insurance cover are exposed to funding the cost of dealing with an attack, as their existing insurance policy may include such an event. Awareness of the cyber security risk is high with 88% of FTSE 350 companies including cyber risk within their strategic risk report, up from 58% in the previous year, according to government figures.

A New Line

Novae started writing cyber insurance business at the start of 2014, collecting £10 million of premiums in its first year. It is difficult to assess how profitable the operation is as the company will not disclose the claims it has paid because there is still risk attached to the 2014 account.

Dan Trueman, Novae’s unit head of cyber insurance, is a veteran having worked in the industry since the early 2000s. He says the product is universal as his staff sell it to ‘mom and pop stores’ as well as household names.

Cyber insurance is growing, he says, because data is everywhere and with companies relying more and more on IT systems to operate a cyber-attack could halt trading. ‘Cyber risk is not going away, it is growing exponentially,’ he says. ‘Every firm has it on their agenda. ‘How do we keep our information private and confidential?’

The supply side is growing in terms of risk, but there are only a small group of providers capable of offering this product. ‘So the supply is not going to outstrip demand anytime soon,’ Trueman adds.

He notes that a hacker will always find a way into an organisation if they work hard enough. ‘It is the same with your house. If someone wanted to get into your house and they needed a bulldozer to do it, they would do it,’ he says

One of the big concerns of cyber insurance is finding enough experienced people to assess the risk. In a sign that Novae is investing in its cyber insurance business Trueman recruited Jacqueline Spencer-Sim as an underwriter last month (22 Oct). She joins from Brit Insurance’s cyber team and will have companies in the US on her radar.