Cyber Insurance Hard Market: Trends, Insights, and Future Risks

The cyber insurance hard market is a challenging landscape for businesses and individuals alike. Premiums have skyrocketed, with some increases reaching as high as 100% or more.

This dramatic shift is largely due to the growing number of cyber attacks and data breaches, which have resulted in significant losses for insurers. The rise of ransomware attacks, in particular, has contributed to the hard market.

Insurers are now more cautious and risk-averse, leading to reduced coverage options and higher premiums. This has left many organizations struggling to find affordable cyber insurance that meets their needs.

The hard market is expected to persist in the near future, with some experts predicting that it may take several years for the market to stabilize.

If this caught your attention, see: Is Insurance Sales Hard

Systemic risk is a top concern for insurers, particularly when it comes to critical infrastructure and correlated events. This has led to some insurers restricting coverage on a generalized or event-specific basis.

Many insurers and reinsurers still negotiate the language of war policy exclusions on a deal-by-deal basis, creating a lack of consistency in the market.

The implementation of cyber war exclusions in policies purchased through Lloyd's has caused confusion and may cost the market some income.

Insurers are now including compliant cyber war exclusions in their policies, following the lead of Lloyd's cyber war exclusion market bulletin.

Suggestion: In Insurance Policies the Insured Is Not Legally

Capacity and rates are stabilizing, but with some caveats. Rates on primary layers are still increasing, but at lower levels than in the previous 18-24 months. This is a welcome trend, as it suggests that the market is starting to normalize.

Competition on excess placements is heating up, leading to pricing decreases on excess layers. This is a positive development for businesses that need to purchase excess coverage.

According to Aon Cyber Solutions, cyber premium rates declined by 16% in Q4 2023 compared to the previous year. This is a significant drop, and it's a sign that the market is starting to stabilize.

New players are entering the market with fresh capital, which is creating a more competitive landscape. This is good news for businesses, as it means they have more options for purchasing cyber insurance.

Here are some key statistics on capacity and rates:

Rates are stabilizing, but don't expect a complete reversal of fortune. Premium increases on primary layers are still happening, but they're generally lower than we've seen in the past 18-24 months.

Competition on excess placements is increasing, leading to pricing decreases on excess layers. This is a positive trend, but it's essential to remember that rate increases still vary widely based on company size, industry, claim activity, and security controls.

Large organizations and certain industry sectors are still struggling with significant increases. In fact, some are experiencing rate hikes that are higher than ever before.

Here's a rough breakdown of the current rate landscape:

The good news is that capacity is starting to reemerge, with some carriers offering $10 million limits on primary layers at pre-hard market rates. This is a welcome development, but it's essential to note that technical underwriting is still a major factor in the cyber insurance market.

The 214 Percent Increase in Ransomware Activity is a stark reminder of the growing threat in the digital world. 214% is a massive jump in ransomware activity in Q4 2023 compared to the same period the year before.

This surge is a wake-up call for individuals and businesses alike to prioritize cybersecurity and take proactive measures to protect themselves.

Readers also liked: Ransomware Cyber Insurance

The cyber insurance hard market is a complex and ever-changing landscape. Cyber risk is one of the most dynamic risks in the market, driven by human ingenuity and constantly evolving.

As companies become increasingly dependent on their supply chain, the impact of a cyber incident on key entities would have wide-ranging implications for almost every company. Insurers are now looking at cyber risk at a systemic level, accounting for interdependencies between companies and critical infrastructure.

In the short term, insurers may attempt to mitigate systemic risks with more stringent policy wording to exclude coverage for events deemed downstream of perceived systemic risks.

A different take: Cyber Liability Insurance Explained

Cyber risk is one of the most dynamic risks in the market, constantly evolving due to human ingenuity.

The cyber threat landscape changes at a rate unlike any other, requiring underwriters to constantly review the factors they assess against their customers.

Companies are increasingly dependent on their supply chain, making the impact of a cyber incident wide-ranging and affecting almost every company.

Insurers are looking at cyber risk at a systemic level, but this is a challenging process due to the need to account for interdependencies between companies and critical infrastructure.

Modeling for this type of risk requires accounting for cascading consequences that could lead to a widespread cyber incident.

In the short term, insurers may attempt to mitigate this by using more stringent wording in their policies to exclude coverage for events deemed to be downstream of perceived systemic risks.

For example, Lloyd's of London issued a market bulletin in August 2022 requiring firms to exclude liability for losses arising from state-backed cyber-attacks.

A fresh viewpoint: Cyber Insurance Incident Response

The cyber insurance market is expected to continue its boom and bust cycle, just like other lines of insurance. This means that we can expect fluctuations in the market, but also opportunities for growth and innovation.

A hardening of the market occurred at the end of the previous decade, but early signs of thawing are becoming apparent. This suggests that the market is starting to stabilize and potentially become more competitive.

Cyber insurance will continue to innovate and produce new and competitive products for insureds across industries and revenue brackets. This is likely due to the ongoing evolution of the underlying subject matter.

Companies must adapt to these trends and navigate the underwriting process to maximize their chances of achieving favorable premiums. This can be done using in-house expertise or trusted third parties.

The market's growth and utility to the wider cyber community will be guaranteed by ongoing geopolitical and technological developments.

Take a look at this: Gdp Growth Effect on Stock Market

The cyber insurance hard market is characterized by a gradual stabilization of the market, with loss ratios plateauing in 2022 and excess layers of insurance becoming increasingly competitive, driving down prices.

Insurers have taken a more proactive approach to appraising cyber risk, reviewing their internal underwriting processes and drawing on third-party expertise to support their in-house teams. As a result, new market segments, particularly mid-market organisations, are being eyed as lucrative ground for carriers to expand into.

Organisations are investing resources in insurance application and negotiation strategy preparation, often drawing on third-party expertise to support their in-house teams. This has led to a highly competitive market, forcing companies to reconsider how to put their best foot forward to guarantee themselves coverage.

The market is expected to continue innovating, with many insurers offering preventative coverage products that marry cyber underwriting with the deployment of conventional security tooling. These products are primarily geared towards the SME market, giving insurers more confidence when appraising cyber risks and allowing them to model their prices more accurately.

Additional reading: Cyber Insurance Underwriting

The cyber insurance market is evolving rapidly, driven by the growing need for protection against cyber threats. Insurers are now offering preventative coverage products, also known as "active insurance", which combine cyber underwriting with the deployment of conventional security tooling.

These products allow insurers to offer their customers the option to opt into introducing new controls to their organisation in exchange for a credit to their premiums. This can range from high-level organisational controls to more invasive controls, such as rigorous vulnerability scanning or 24/7 monitoring.

The level of integration between insurers and their customers varies between products, but these types of products are primarily geared towards the SME market. This is because smaller organisations are less likely to have a full suite of security controls in place, making them more vulnerable to cyber threats.

The advantages of these products include giving insurers more confidence when appraising cyber risks, allowing them to model their prices more accurately and pass some of the benefits onto the customer. They also provide a strong opportunity for customers and insurers to become more integrated, allowing the two to communicate more regularly and frame risk in a way that both parties can understand.

As a result, customers are seeing lower rate increases in 2023 than previous years, and even flat renewals, which have been unheard of since 2019, are being enjoyed by some customers. This is a good early indicator that rates will continue to drop across the entire tower.

The total amount of capacity available for companies will continue to grow as long as the demand for it exceeds the current supply. Insurers are also giving a second look to organisations with controls that don't meet their gold standards, introducing more stringent policy wording in the form of exclusion clauses and subjectivities.

See what others are reading: Will Gold Prices Go down in 2024

Aon Insights Series Asia provides expert views on today's risk and human capital issues. Their expert views are featured in publications such as the Aon Insights Series Asia.

Risk capital is a major concern, and Aon Insights Series Asia tackles this issue head-on. Battling cyber threats is a top priority, with 2024 Top Ten Cyber Crisis Management Tips available for guidance.

New SEC Cybersecurity Rules have been introduced, and Aon Insights Series Asia breaks down the intersection between these rules and insurance coverage. This information is crucial for businesses looking to protect themselves from cyber threats.

Aon Insights Series Asia offers expert views on the latest developments in risk and human capital. Their insights are informed by years of experience and a deep understanding of the issues at hand.

Navigating the future of cyber insurance can be daunting, but with the right approach, you can build confidence in your decisions. Cyber threats are on the rise, with ransomware attacks increasing in frequency and severity.

In 2024, expect tighter controls and terms, alongside potential stabilization in pricing. This reflects the growing complexity and severity of cyber risks. About 20-25% of businesses purchased additional limits while less than 3% purchased less limits in the last quarter of 2023.

To make better cyber policy decisions, focus on building stability and bespoke solutions. Understand changes and how different insurance policies work together to create stabilization. Proactively engage with knowledgeable insurers and stay ahead of emerging threats to build resilience against cyber risks.

Quantifying your cyber risk is crucial, as growing ransomware activities, new SEC regulations, and evolving AI technology pose significant threats. About 15% of businesses experienced decreased retention in Q4 2023, while those with increased retention remained stable at 7-8%.

Partnering with the whole organization is essential, as cyber and privacy risk is a company-wide risk. Work together with the entire business to effectively showcase controls and ensure everyone is on the same page.

Maintaining the confidential nature of insurance policies is vital, as bad actors continue to threaten victims and demand ransom payments based on coverage limits.

Here are four key takeaways to help you navigate the future of cyber insurance:

The cyber insurance market is experiencing a hard market, but trends indicate a gradual stabilization. As of 2023, loss ratios plateaued in 2022.

The global cyber insurance market is expected to double to $29 billion by 2027, driven by the escalating frequency of cyber-attacks and growing regulatory requirements.

Cyber premium rates declined by 16% in Q4 2023 compared to the previous year, according to Aon Cyber Solutions.

Organisations are increasingly investing resources towards insurance application and negotiation strategy preparation, drawing on third-party expertise to support their in-house teams where specialist support is needed.

The highly competitive nature of this hard market has forced companies to seriously reconsider how to put their best foot forward to better guarantee themselves coverage.

A significant challenge insurers face is bridging the gap between economic losses and insured losses.

Consider reading: Cyber Insurance Losses

The cyber insurance market is experiencing a hard market, but there are signs of stabilization. As of 2023, loss ratios have plateaued and excess layers of insurance are becoming more competitive, driving down prices.

The total numbers of ransomware attacks fell in 2022, and revenue earned by ransomware gangs also decreased. This has led insurers to review their internal underwriting processes and take a more proactive approach to appraising cyber risk.

New market segments, particularly mid-market organisations, are being eyed as lucrative ground for carriers to expand into. These organisations are investing resources in insurance application and negotiation strategy preparation, drawing on third-party expertise to support their in-house teams.

The highly competitive nature of the hard market has forced companies to reconsider how to put their best foot forward to guarantee coverage. This has led to a focus on risk mitigation and leveraging cybersecurity as a competitive advantage.

The global cyber insurance market is expected to double to $29 billion by 2027, driven by the escalating frequency of cyber-attacks and growing regulatory requirements. The market has nearly tripled in size over the past five years, largely due to the commitment of reinsurers and the emerging interest from capital markets in cyber risks.

Only a fraction of the risks has been insured so far, with large corporations still accounting for the majority of premiums, while small and medium-sized enterprises (SMEs) largely bear their cyber risks independently.

As boards of directors significantly increase budgets to address cybersecurity, it's clear that protecting against cyber-related incidents is a top priority.

Over 75% of organisations worldwide have experienced a cyber-related incident in 2022, according to Marsh and Microsoft's 'The State of Cyber Resilience Report 2022'. This highlights the need for robust security measures.

A comprehensive cyber insurance policy can provide companies with balance sheet protection for first-party costs such as legal expenses, forensic costs, data and hardware restoration and repair related costs, reputational harm expenses, and financial losses resulting from business interruption.

Regulatory fines and penalties are also a significant concern, with third-party costs often a major burden for organisations affected by cyber-related incidents.