Cyber crime insurers largely avoided costly claims from the recent attacks that hit business around the globe. The next global virus could change that.

“It’s exceptionally likely that we will see an event over the next months that will seriously affect insurers,” Graeme Newman, chief innovation officer at CFC Underwriting, said in an interview. “It would only need a combination of WannaCry’s wide reach and Petya’s destructive force to cost cyber insurers something like $2.5 billion, or a full year of gross premium income in the market.”

Reckitt Benckiser Group Plc cut its full-year sales forecast on Thursday after a global cyber attack last month disrupted manufacturing and distribution for the maker of Air Wick fresheners and Dettol cleaners. It was the first detailed indication of the financial toll by a major company.

Hackers may learn to develop even more dangerous tools after attacks such as the WannaCry virus in May and the Petya attack that wreaked havoc in Europe in June by freezing access to computers, allowing the attackers to demand ransom to unlock the systems. Those events didn’t result in meaningful insurance claims because they didn’t affect many companies in the U.S., where currently more than 90 percent of the cyber insurance market is located, Newman said.

Growing Market

CFC underwrites approximately $100 million of cyber insurance premiums, making it one of Europe’s biggest sellers of the product, and has sold the coverage since 2000. As a Lloyd’s of London-backed managing general agent, the company underwrites on behalf of other insurers. The global market for cyber insurance grew to about $3.4 billion in premiums last year and could rise to between $8.5 billion and $10 billion by 2020, reinsurer Munich Re estimates. CFC saw its premiums in the market climb by more than 60 percent last year and Newman expects to match that this year.

“Sooner or later we, will see a billion-dollar cyber claim and the insurance market is well positioned to absorb that,” said Thomas Seidl, an analyst at Sanford C. Bernstein in London. “Everybody has exposure to cyber risks and the best precaution can’t eliminate that, so there is a strong demand for insurance making cyber coverage by far the biggest opportunity for non-life insurers for the next years.”

Biggest Exposure

The largest cyber writers are American International Group Inc., XL Group Ltd., and Chubb Ltd., according to a report by Fitch Ratings. The companies had a combined market share of approximately 40 percent at the end of last year with “over 130 distinct insurance organizations reported writing cyber premiums for the year.”

Low claims, combined with more companies entering the market mean prices for cyber coverage have been falling globally.

“It’s still a market where supply by far exceeds demand,” Newman said. “There is no break in supply with new insurers entering the market.”

With the market growing rapidly, regulators are concerned that insurers could be taken by surprise.

Insurers writing cyber policies “are expected to introduce measures that reduce the unintended exposure to this risk,” the U.K.’s Prudential Regulation Authority said in a statement on Wednesday. It said insurers may face payouts from computer related claims from less specific policies such as general liability or property insurance.

“Although we have not yet seen large insurance losses, recent near misses highlight the large systemic potential of malware in a connected world,” said Marta Abramska, associate director in PricewaterhouseCoopers’s cyber insurance practice said. “The regulator expects insurers to fully understand their exposure.”