Exploring and Practicing Cybersecurity Insurance for Small and Medium Enterprises

In the wave of digital transformation, cybersecurity is an indispensable lifeline for enterprises; Gartner predicts a 14.3% increase in global security and risk management spending in 2024, prompting renewed focus on cost‑effective security investments.

Unlike large corporations with ample budgets, small and medium enterprises (SMEs) face rising security risks, high investment costs, and diminishing marginal returns, making cybersecurity insurance a promising research direction.

Cybersecurity Insurance (Cyber Security Insurance) refers to coverage for economic losses or legal liabilities incurred by the insured due to cybersecurity incidents.

According to Research And Markets, the global cybersecurity insurance market reached USD 119 billion in 2022 and is projected to grow to USD 292 billion by 2027; in China, premiums were about CNY 1.4 billion in 2022, showing rapid growth.

On May 11, the China Cybersecurity Industry Innovation Development Alliance’s Cybersecurity Insurance Working Group, hosted by Ant Group, held a salon titled “Exploring and Practicing Cybersecurity Insurance for SMEs” in Beijing.

Guests from Ant Group, PICC Property & Casualty, Yongxin Zhicheng, Fangda Law Firm, and Alibaba Cloud shared insights, discussing challenges, solutions, and how to make cybersecurity insurance more inclusive.

During the event, Wang Yu, General Manager of Ant Group’s Cybersecurity Department, presented the exploration and practice of inclusive cybersecurity insurance for micro‑businesses.

Data shows that cybersecurity risks and costs are rising sharply: in 2022, 24,801 new vulnerabilities were recorded (a 19.28% increase over 2021), and the average cost of a data breach in 2023 reached USD 4.45 million, a 15% rise over the previous three‑year average.

Building security capabilities requires long‑term investment; high personnel, product, and operational costs lead to diminishing marginal benefits, and even extensive investment cannot guarantee absolute safety, highlighting the need for risk‑transfer mechanisms.

In 2023, Alipay partnered with PICC Shanghai to launch a “Cybersecurity Insurance for Alipay Mini‑Program Cloud Hosting” product, offering pre‑ and in‑service security hosting and post‑incident insurance compensation to help SMEs quickly detect risks and recover from attacks.

The solution follows a three‑layer architecture: (1) cloud platform security through full‑lifecycle development (SDLC); (2) affordable security hosting services to raise merchants’ security posture; and (3) cybersecurity insurance as the final layer to cover residual risks.

Insurance coverage includes four loss categories—business interruption, data breach, data recovery, and emergency response costs—with annual limits of CNY 500,000 (inclusive version) and CNY 1 million (SME version), sufficient to offset typical cyber‑related losses.

The accompanying security service spans three phases—pre‑insurance assessment, in‑insurance protection reinforcement, and claim verification—enhancing the insured’s security level and reducing claim rates, thereby lowering premiums.

The solution has been selected for the Ministry of Industry and Information Technology’s cybersecurity insurance pilot service catalog, and future collaborations will promote the “security hosting + insurance” model to provide inclusive cybersecurity insurance for micro‑enterprises.