Zurich Pushes for National Cybersecurity Metrics to Cut $24 Trillion Risk

Zurich Insurance Group, along with cybersecurity partners, is pressing for the creation of national cybersecurity metrics to address the widening gap between insured losses and the true economic cost of cyber incidents. Despite $14 billion in global cyber insurance premiums in 2023, Zurich notes that only 1% of the $900 billion in economic losses from cyberattacks are insured, with projections suggesting that global cybercrime costs could reach $24 trillion by 2027.

For insurance claims adjusters, this gap signals rising exposure, especially as more small and medium-sized businesses remain uninsured or underinsured. Zurich’s report proposes six national-level metrics, including measures like containment time, recovery time, and the percentage of outdated exploited vulnerabilities. These indicators could provide valuable benchmarks for both underwriting and post-incident analysis.

Of particular relevance to adjusters is the push for a National Cyber Statistics Bureau, which would centralize and standardize cyber incident data—crucial for evaluating claims, identifying systemic risks, and enhancing loss modeling. The recommendation to shift from reactive to proactive data collection and align reporting protocols across jurisdictions reflects an evolving regulatory environment where adjusters may increasingly rely on standardized metrics during claims assessments.

The report’s findings emphasize a critical industry shift: as cyber threats escalate, the demand for standardized data and inter-sector collaboration is growing. Claims professionals involved in cyber, business interruption, and data breach losses will need to adapt quickly, understanding not just the technical causes of cyber incidents but also how standardized metrics could reshape documentation and policy evaluation in the coming years.