Skip to content

Cyber Insurance Market Outlook for 2024-2034: Coverage & Capital Managing

    Cyber insurance market is set for outsized growth compared with other lines of P&C insurance over the coming 10 years. There is some concern, however, about what factors must come together for this growth to be achieved — especially in light of slow-to-declining premium numbers for the US standalone market.

    Cyber insurers will continue to face challenges in maintaining underwriting discipline as market competition grows and the claims environment evolves due to rapid technological changes.

    According to CyberCube’s report, “Projecting Cyber Insurance Growth: A 10-Year US Market Outlook”, noted that this rapid growth will be driven by the increasing digitisation of the global economy and rising concerns about cyber risk.

    Changes in the cyber threat landscape do not fundamentally alter the frequency or severity of attacks. Evolutions in offensive and defensive strategy and new tactics could emerge to fundamentally shift projections.

    In this report, analysts have stress-tested premium growth numbers, overlaid capital requirements to support the growing line of business, and asked what structural changes would be required to meet the projections (see Cyber Insurance Protection Gap. Cyber Risk Survey).

    Insurers Anticipate Growth in Cyber Insurance

    Insurers anticipate growth in cyber insurance

    Market leaders anticipate significant growth in cyber insurance over the next decade. However, it remains a capital-intensive risk that demands structural innovation to keep up with increasing demand and support societal resilience.

    According to CyberCube, US standalone premiums in 2023 totaled $8 bn. Based on the assumption that risk carriers manage capital for a 1-in-250 year aggregate loss event, Portfolio Manager catastrophe model estimates the industry required $20 bn of capital in 2023. U.S. cyber insurance market will grow to $20 bn by 2025

    This means (re)insurers needed $20 bn to cover a 1-in-250 year cyber aggregation loss.

    • Cyber insurance is projected to grow rapidly over the next decade, driven by increasing digitization of the global economy and rising concerns about cyber risk. Three CAGR factors for the US insurance industry to 2034: 10% growth resulting in $17 bn of premium; 20% growth resulting in $45 bn of premium and 30% growth resulting in $109 bn of premium in personal cyber insurance.
    • Cyber will become a peak peril, with the potential for losses from US Standalone Cyber to exceed Hurricane Katrina — the largest insurable natural catastrophe to date. At 20% CAGR, the amount of capital required to manage a 1-in-250 year loss would be $121 bn. Hurricane Katrina, for example, cost the (re)insurance industry $102 bn in 2005.
    • From 2023 to 2024, the global cyber insurance market grew from $16.66 bn to $21 bn and is projected to reach $120 bn by 2032, demonstrating a substantial 24.5% CAGR during the forecast period
    • The reinsurance market will need to substantially increase cyber’s capital allocation to enable this growth potential, with increases needed from multiple sources including insurers, reinsurers, capital markets, and potentially private-public partnerships.

    Range of US Insurance Market Growth Assumptions

    At mid-range 10-year growth estimates of 20%, the following would be expected in 2034 that US standalone premium will stand at $45 bn, a five-fold increase from today.

    However, product innovation will be required to achieve real growth in exposures, rather than mainly rate increases, as seen in recent years.

    Given low penetration rates for coverage of cyber risk today, insurers and brokers need to achieve deeper penetration across organizations, offering larger limits and broader coverage with more clarity on terms and conditions (see about Cyber Insurance & Risk Management in a Volatile Threat Landscape).

    Insurers will need $121 bn of capital to manage capital to 1-in-250 year loss, a 500% increase on current capital requirements.

    The P&C insurance sector stands at the threshold of a once-in-a-generation opportunity to build a sustainable market for cyber risk transfer. This enables societal resilience to one of the peak risks facing economies today.

    10-year Cyber Insurance Premium and Capital Requirements

    10-year Cyber Insurance Premium and Capital Requirements
    Source: CyberCube

    CyberCube proposes that diversifying capital sources will be required to support catastrophe exposures, predominantly from capital markets capacity in the form of insurance-linked instruments, and public-private partnerships with the federal government.

    CyberCube has taken a range of CAGR for US standalone cyber. Annual growth of 10% results in US standalone premium of $17 bn in today’s dollars, 20% leads to $45 bn and 30% CAGR would reach $109 bn in 2034.

    The cyber landscape continues to evolve rapidly with emerging threats like ransomware, AI-driven attacks, and supply chain vulnerabilities. These threats can lead to severe consequences, including prolonged business interruptions, major data breaches, significant financial loss, and hefty regulatory fines.

    US Standalone Cyber Premium Along Growth Trajectories

    US Standalone Cyber Premium Along Growth Trajectories
    Source: CyberCube

    Given the uncertainty over the 10-year outlook and recent volatility in growth for the US standalone market, which experienced a 3% decline in premiums written in 2022-2023, Fitch Ratings consider this range a solid basis for discussing the market’s potential.

    US Standalone Cyber Insurance Premiums

    Based on the mid-range projection, US standalone premiums are expected to reach $45 bn (present value), a five-fold increase from current levels. However, CyberCube’s analysis of US organizations’ purchasing patterns reveals a significant gap in both the number of companies purchasing insurance and the financial protection provided by current coverage limits. Market growth must come from increasing exposures, not merely raising prices.

    Favorable cyber underwriting results are partly due to prior large increases in premium rates. Insurers are also being more careful in cyber risk selection and the underwriting process.

    They are requiring that customers maintain proper cyber hygiene and risk management practices before agreeing to insure them. Additionally, insurers are tightening policy language to more strictly define terms, with more frequent insertion of sub-limits and exclusions.

    Standalone Cyber Coverage Direct Loss & DCC Ratios

    Standalone Cyber Coverage Direct Loss & DCC Ratios
    Source: Fitch Ratings, S&P Global Market Intelligence, Beinsure Data

    Current segment underwriting profitability at current levels is unsustainable as cyber insurance pricing is likely to remain flat or down going forward.

    Global insurance broker Marsh reported that U.S. cyber renewal rates were down for the last three successive quarters, including a 4% decline.

    Changes in Cyber Insurance Renewal Premium Rates Approaching Zero

    Changes in Cyber Insurance Renewal Premium Rates Approaching Zero
    Source: Fitch Ratings, Council of Insurance Agents & Brokers

    Several factors — such as low penetration of cyber insurance purchases among small businesses, insufficient limits for those businesses that do buy cyber insurance, and multi-decade secular trends toward greater digitization of the global economy — suggest that cyber insurance will continue to be a product with generationally robust demand growth.

    Insurers and brokers must accelerate product innovation to increase penetration across organizations. This includes offering higher coverage limits, broader protection, and clearer terms. New markets may emerge to diversify risk away from peak cyber catastrophe scenarios. Growth in consumer and microbusiness cyber insurance, along with geographic and industry diversification, and new internet technology coverages will contribute to premium growth.

    Cyber as a peak peril comparable to major natural catastrophes

    Cyber risks are projected to become a peak peril for property and casualty insurers, with potential losses surpassing Hurricane Katrina’s $102 bn.

    Currently, insurers use various methods for capital management, including share of limits, internal models, and multiple external models.

    At the lower end (10% CAGR), cyber capital would surpass the Northridge earthquake ($32 bn), the 10th largest natural catastrophe. At the higher end, cyber capital could account for 46% of today’s global reinsurance capital.

    The availability of capacity willing to take on catastrophic tail risk could limit market growth due to increased capital requirements. Traditional (re)insurance will play a significant role in providing this capacity, with event cover offerings expanding to support cedants.

    Cyber Capital Compared to Major Aggregation Events

    Cyber Capital Compared to Major Aggregation Events
    Sources: Insurance Information Institute, Munich Re, Statista, Claroty, CyberCube

    The cyber reinsurance market is currently concentrated among a few major players. To sustainably distribute and share risk as the market grows, broader participation from more reinsurers will be necessary.

    Cyber risk is further amplified by expanding regulatory and compliance requirements, such as the recent SEC cyber risk management disclosures for public companies.

    These regulations increase litigation risks and the potential for significant fines if data breaches are not properly disclosed.

    Catastrophic cyber risks add substantial uncertainty regarding the nature, probability, and cost of severe events. Insurers and risk modeling firms invest significant resources in assessing risk aggregations and potential maximum losses from large cyber events.

    However, these tools are still less developed compared to natural catastrophe models, which have benefited from 30 years of refinement.

    ……………….

    AUTHORS: Alex Tenenbaum – Director of Services at CyberCube, Pascal Millaire – Chief Executive Officer at CyberCube, Rebecca Bole – Head of Industry Engagement at CyberCube, Jon Laux, FCAS – VP of Analytics CyberCube