Despite Declining Rates, Cyber Insurance Market Poised for Growth, Innovation

Current cyber insurance market conditions offer businesses an opportunity to secure coverage at more favorable terms, as rates have transitioned to double-digit decreases in 2024 compared to the triple-digit increases of a few years ago, according to Howden’s annual cyber insurance report.

The report, titled “Risk, Resilience and Relevance,” highlights how competitive forces and improved cyber hygiene by policyholders is helping prevent or mitigate the impact of cyberattacks, creating a more stable foundation for the cyber insurance market to expand its exposure and relevance.

“Improved market conditions reflect underwriting actions taken by carriers during the hard market, alongside ongoing investments made by businesses in strengthening their risk postures and claims management practices,” the report stated.

Cyber insurance rates are 15% lower in 2024 than the market’s peak in mid-2022, Howden reported. Rate competition is highest in remote risk layers, according to the report, which also noted that capacity is up and insurers are willing to increase limits, remove coverage restrictions and lower-retention levels.

“At no other point has the market experienced the current mix of conditions: a heightened threat landscape combined with a stable insurance market underpinned by robust risk controls,” said Sarah Neild, head of cyber retail, UK at Howden.

Carriers and brokers have made significant progress in recent years to enhance price stability, coverage clarity and consistency of terms and conditions, according to the report.

Opportunities for Market Growth

While the U.S. has dominated the cyber insurance market to date, accounting for approximately two-thirds of the global market, more than half of premium growth up to 2030 is projected to come from non-U.S. territories, especially Europe, Latin America and Asia, Howden predicted.

“Cyber insurance is key to strengthening resilience around the world and insurers are now in a strong position to bring about real change,” said Jean Bayon de La Tour, head of cyber, International. “This involves providing more capacity to meet pent up demand in currently underpenetrated regions.”

Another source of growth is cyber insurance demand from small and medium-sized enterprises, Howden said.

The SME space, which accounts for close to half of GDP in advanced economies, offers huge opportunity for brokers and insurers as they find better ways to bring this currently underserved demographic into the cyber market. SMEs are increasingly reliant on technology for their operations but have historically been underserved by the cyber insurance market, Howden noted. Progress is being made in certain markets like France, where companies categorized from micro to mid-sized have increased their share of the cyber insurance premium pool from 15% in 2019 to 25% in 2023.

Ransomware Threat Remains Dominant

Meanwhile, ransomware continues to dominate the cyber loss environment, with NCC Group data showing an 85% increase in frequency of ransomware attacks in FY23 compared to FY22.

The potential for systemic risk from large-scale attacks is another pressing challenge. Incidents like SolarWinds, Microsoft Exchange, Kaseya, Log4j, and MOVEit have targeted software supply chains to maximize fallout across multiple organizations. The recent Change Healthcare ransomware attack, which affected up to one-third of the U.S. population, underscores the potential for economic costs to spiral from these events.

Geopolitical instability is also fueling nation-state attacks. Data from the Centre for Strategic and International Studies reveals that Russia and China accounted for 65% of major state-affiliated cyberattacks against government agencies, defense, and high-tech companies from April 2023 to March 2024. A recent survey by the World Economic Forum shows that 70% of CISOs reported that geopolitics has influenced their firm’s cybersecurity strategies.

Threat of Generative AI on Cyber Risk Landscape

The explosion of generative AI (Gen AI) is a major development reshaping the cyber threat landscape. Despite the lack of clarity on which use cases will prove most important and when they will gain traction, two emerging conclusions are becoming increasingly clear.

First, sophisticated, state-backed threat actors will use Gen AI to sharpen their tactics, techniques, and procedures with increasing effectiveness and scale. In February 2024, Microsoft and Open AI disclosed that nation state threat actors have been using ChatGPT to make established hacking activities easier.

Second, and more importantly for the insurance market, Gen AI will push up the potential aggregation, severity, and frequency of claims in predictable areas by enhancing the capabilities of commercial hackers. All types of attackers, ranging from highly capable state actors to organized crime groups and less skilled hackers, will see AI enhance their capabilities, albeit in nuanced ways.

Less skilled hackers will see the biggest uplift to their capabilities. Many novice threat actors will gain access to tools, code, and intelligence that will enable them to start hacking, driven by sophisticated hackers monetizing their skills by selling AI-powered capabilities online. This democratization of hacking will likely lead to a rise in the frequency of low-level claims, with novice threat actors finding it easier to carry out phishing attacks, which were the vector used in 84% of UK business attacks in 2023.

Organized crime groups, on the other hand, will see their capabilities enhanced in ways that point to a significant increase in the severity of a small number of claims. These groups will increasingly focus on the most lucrative hacking, targeting companies most likely to pay big ransoms with sophisticated attacks. One such vector is social engineering via AI-generated deepfakes, using convincing fake voice and video calls to dupe employees.

Howden’s report notes that AI also provides enhanced defensive capabilities. Use cases include pre-release software scanning for errors and malicious code, providing maintenance updates to open-source software, and threat hunting.

To obtain the full report, visit Howden’s website. &