Munich Re forecasts APAC cyber premiums to double by 2027

Cyber’s rapid expansion across Asia Pacific (APAC) looks set to continue with Munich Re forecasting premiums in the class will double in the region by 2027.

Speaking to The Insurer ahead of this week’s Singapore International Reinsurance Conference, Michael Hauer, head of non-life for Southeast Asia at Munich Re, said demand for cyber cover was growing amid a rapid digital transformation across the region.

“As awareness rises and businesses become more conscious of the vast loss potential from this line of business, we see cyber as a key area for growth in the region,” Hauer said.

“We expect cyber premiums in APAC to double by 2027, outpacing growth rates compared to the rest of the world.”

While he said growth had previously been driven by companies with highly sensitive data, such as the healthcare sector, the introduction of data breach regulation across the APAC region is now driving greater demand across all segments.

“When we look at large claims in the region – and even global events like the CrowdStrike incident – cyber incidents are increasingly making not only the insurance press, but also the main news outlets. These claims and large loss potential areas are something that we model, and the potential loss size is staggering,” he continued.

Hauer said a rising number of cyber attacks were now taking place in the Southeast Asia region.

“We support our clients with significant cyber capacity, which when we look at the rapid digital transformation across Southeast Asia, and the associated increased cyber threats, this level of support is needed,” he said.

According to a new report from Gallagher Re, the APAC cyber insurance market has been growing at an annual rate of around 50 percent and as of January this year accounted for around 7 percent of the global cyber market.

Gallagher Re said demand for cyber coverage has been particularly strong in Malaysia, Singapore, Australia and New Zealand due to escalating regional cyber threats.

A growing number of jurisdictions in APAC have passed or are in the process of implementing privacy laws, including China, Thailand and Indonesia, with India and Vietnam expected to follow this year.

Meanwhile, Australia, Japan, South Korea, New Zealand and Singapore, which already have established privacy laws, continue to refine regulation to closely align with European standards, the report said.

The penalties for corporates that breach data privacy laws are severe, and the regulatory landscape continues to evolve, creating even greater need for cyber insurance.

Australia, for example, has suffered several high-profile cyber attacks. Telecoms company Optus and Medibank, one of Australia’s largest private health insurance providers, were both targeted in 2022, in breaches that leaked the personal data of tens of millions of Australians.

The severity of the breaches led to lawsuits and the federal government raised the maximum fine for repeated and serious breaches.