Hacking that targets individuals and business is now a way of life. And since it can’t be stopped, potential victims need protection against the kind of attacks witnessed this week with the “WannaCry” ransomware attacks.

This has created a vast and growing market for cyber insurance, costing companies at least $3.25 billion each year in annual premiums. But that’s a drop in the bucket compared to what they will pay to insurers by 2025 as much as $20 billion, according to Allianz SE, the world’s largest insurer. There is also a market for individuals who fear that they, or their families, could be hacked.

“When this began on Friday, our phones started ringing and they haven’t stopped,” said Tom Reagan, cyber practice leader for Marsh, an insurance broker unit of professional services firm Marsh & McLennan. “This is a global pandemic.”

Cyber insurance is now generally its own market, Reagan said. Standalone cyber coverage has grown by more than a quarter in recent years at Marsh.

According to the Insurance Information Institute (III), which represents the property-casualty industry, the number of data breaches continues to grow each year, with at least 500 million in the first half of 2016 alone. Losses from hackers amounted to at least $1.5 billion that year, and are likely to swell even more this year due to the WannaCry hack. Cyber incidents are now the third-largest global business risk, the group said in a presentation.

There is no cure as long as hackers continue to hide in secret places on the internet’s dark web, and rogue nations shelter them.

All the publicity has prompted new insurers to enter the market, thereby lowering the price of premiums. They are adding new layers of protection and working with smaller businesses that might have previously thought they were immune to hacking, but are finding out they’re not.

Companies that were already hacked because they were viewed as easy targets, like retailers, have hardened themselves against future breaches.
“They’ve invested tens of billions for risk control, such as pin (or chip) technology so they are seeing favorable rate changes,” Reagan said. And such precautions have paid off the U.S. was one of the least affected nations in the last attack.

But there are still given industries, such as health care, where rates are going up. Health care providers often easily hacked because compliance laws that make data entry easier also make it hard to keep hackers out. According to the III, medical and health care records represent 35 percent of all data breaches and more than half of all records stolen.