Cybercrimes have been dominating our politics, our finances and our national security. Not a day goes by without news of another cyberattack, hacking scheme or massive data breach. They range in scale from simple identity theft of credit card numbers or online passwords to the recent WannaCry attack by North Korean hackers that disrupted computer systems in English hospitals, Chinese universities and German railways. According to the Identity Theft Resource Center, U.S. companies and government agencies suffered a record 1,093 data breaches last year, a 40-percent increase from 2015.

The CEO of IBM Corp. has ominously identified cybercrime as “the greatest threat to every profession, every industry, every company in the world,” while the CEO of Lloyd's estimated that cyberattacks cost businesses as much as $400 billion per year. Meanwhile, the new enforcement directors at the U.S. Securities and Exchange Commission recently warned that hacking crimes are the great threats to our financial markets. Even President Donald Trump has acknowledged cybertheft as “the fastest growing crime in the United States.”

How can companies and consumers protect themselves and manage this increasing threat? Insurance has traditionally been a principal tool for mitigating risk. Yet, while worldwide spending on cybersecurity products rose to a record $73.7 billion in 2016, only 29 percent of U.S. businesses have purchased cyberinsurance. Moreover, cyberinsurance accounted for only a small fraction—between $1.5 billion to $3 billion—of the $505.8 billion generated in premiums by U.S. insurers. The reasons behind the struggling cyberinsurance market are myriad and traceable to obstacles facing both insurers and consumers. A recent report by the Deloitte Center for Financial Services attempted to identify the barriers affecting growth in this promising line of insurance.

From the insurers' standpoint, the lack of historical data on cyberlosses significantly inhibits their ability to build predictive models and properly assess cyberrisk. Simply put, cyberinsurance has not been sold for long enough to develop suitable market trends. The U.S. government does not maintain a centralized database cataloging cyberattacks. Moreover, because of the sensitive nature of cybercrimes, the vast majority go unreported. With insufficient data, insurers are loath to offer comprehensive coverage. In addition, cyberattacks continue to evolve in scope and sophistication. Like terrorism, cyberattacks can occur at any time, any place, and to anyone. With an unpredictable and changing underlying exposure, insurers cannot anticipate and mitigate against these cyberrisks.

Because of these obstacles confronting insurers, consumers face an uneven and expensive market for cyberinsurance products. Insurers offer a patchwork of various coverages, often with minimal limits and nonstandardized language. Moreover, many companies erroneously assume that their general or professional liability policies cover cyberrisks. Errors and omissions policies, however, typically do not cover cyberthefts and hacking schemes that trick employees into issuing payments or divulging confidential and proprietary information. While commercial crime policies may cover the theft itself, they do not account for other cyber-related expenses like forensics, credit monitoring, crisis management, and reputational risks. Yet, standalone cyberpolicies lack standardized language within the industry. Differing terminology from insurer to insurer inhibits a buyer's ability to compare coverage and pricing. This also affects claims management and coverage disputes, as courts have not been able to interpret and enforce uniform cyberinsurance provisions to provide clarity to both insurers and insureds.

Despite these hurdles to a thriving cyber insurance market, Deloitte offered several concrete steps to facilitate access to wide-ranging coverage that is both simple and affordable. As frequent targets of hackers, insurers can draw on their own cybersecurity experiences to develop more accurate predictive models. Following the lead of U.S. intelligence agencies, insurers could also partner with IT professionals and former hackers in order to understand the scope and nature of cyberlosses. Alternatively, insurers could issue more specialized cyberproducts tailored to specific types of exposure such as data breaches or specific areas of technology in order to better assess their risks on a smaller, more manageable scale. Furthermore, insurers could provide all-inclusive cyberrisk management services and post-loss recovery support with their insurance products. This will benefit consumers and businesses by helping prevent cyberincidents from occurring and ultimately lowering premiums, while also decreasing loss frequency for insurers and bolstering account retention.

In the next decade, the proliferation of driverless cars and ride-sharing will likely hurt the insurance industry's most profitable line of business, auto coverage. Moreover, automation and the changing nature of the nation's labor force will inevitably affect another large line, workers' compensation. Accordingly, cyberinsurance is one of the few promising areas for long-term growth. With an ever-increasing spotlight on cybercrimes and hacking, consumer interest in insurance products to protect against those risks will only intensify. If the insurance industry does not become a more reliable provider of comprehensive and affordable cybercoverage, insurers will be left behind as businesses seek alternative methods of managing risk.

Originally published on dailybusinessreview.com. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed