The realisation of the cyber insurance market’s growth potential is tied to geopolitics and macroeconomics, but also sme penetration, tail-risk management and attracting capital and talent. Wide-ranging cyber coverages have been developed in relatively short order and the market has maintained a strong claims payment record despite the highly dynamic threat landscape.
According to Howden’s report, the correction that started in 2020 nevertheless represented a watershed moment for cyber insurance.
Prior to this point, a relatively benign loss environment had fed abundant capacity, expanding coverage terms and favourable pricing.
What followed led to the highest annual rate increases across the entire insurance market. Risk appetite and perceived price adequacy for cyber exposures were reset, with carriers reacting swiftly to get ahead of spiralling loss costs (see Global Insurance Ranking of Cyber Insurers).
Challenge #1: Growing the cyber insurance market pie
According to Cyber Insurance Market Dynamics, pricing increases in recent years, from 2020 onwards especially, have driven the growth of the cyber market, but these tailwinds for insurers are now unwinding or even reversing in certain areas.
Whereas annual rate increases of more than 100% were recorded during the first half of last year, the corresponding period in 2023 has seen flat renewals or even decreases of up to 10% in recent months as pricing has come off recent historical highs.
Global Cyber Insurance Pricing Index
Absent any further shocks, pricing is unlikely to drive market expansion to the extent it did during the 2020-2022 correction, requiring ambitious plans for exposure growth (see How Insurers Can Expand the Cyber Insurance Market?).
Penetration rates vary significantly by geography and company size. Although cyber risk awareness is growing across the board, and uptake amongst mid-sized companies is improving, cyber insurance essentially remains a large corporate market.
To fulfil its true potential, the cyber market needs to move beyond existing premium pools by doing more to meet the demands of large buyers – reduced limits and (obligatory) higher retentions have forced some large buyers in Europe to look at captive solutions – and, equally important, increasing uptake in under-penetrated territories and demographics.
SMEs budget spend on cyber security
More work needs to be done in engaging with smaller companies especially. Figure 24 shows the relatively lower spend on cyber security for SMEs in Australia, the United Kingdom and the United States.
Brokers and insurers need to find better ways to bring smes into the cyber market
The direct relationship between risk controls and access to insurance coverage underscores the amount of work that still needs to be done within the SME space, especially outside the United States where data consistently shows low cyber insurance uptake overall (see about War Exclusions in Cyber Insurance).
In France, for example, of the premiums paid for cyber insurance in 2022, 85% came from large companies (with revenues >EUR 1.5 billion).
Cyber insurance premiums and claims distribution in France
Mid-sized companies (revenues of EUR 50 million to EUR 1.5 billion) and SMEs (revenues <EUR 50 million) accounted for the remaining 15% but were responsible for a disproportionate share of reported claims.
Challenge #2: Systemic risk and cyber warfare
Systemic risk has already been addressed in detail in this report. The issue continues to be (re)insurers’ primary concern – cyber’s inherent aggregation risk brings a higher cost of capital – hence the introduction of new policy language to better manage exposures specific to cyber acts of war. There is much at stake as constituents across the insurance value chain work to find solutions that are palatable to both clients and markets.
Avoiding a messy fallout from any future systemic or war-related cyber loss is crucial to the prospect of the cyber insurance market achieving the growth trajectory, as well as maintaining clients’ confidence in the product.
Policyholders, believing that their business interruption losses would be indemnified, felt aggrieved by the wave of claims denials. Carriers, on the other hand, were left confronting unanticipated (and unpriced) losses initially, and damaged reputations latterly. It is important that insurance carriers and buyers learn the lessons from the pandemic.
Challenge #3: Reinsurance capital
Reinsurance capital is vital for the cyber market to achieve its growth ambitions and is perhaps the single biggest challenge to overcome.
With approximately 45% of cyber premiums ceded to reinsurers currently, which is far higher than for most other lines of business, broad capacity constraints and price corrections in the reinsurance market present potential limitations.
Significant capital erosion, combined with elevated catastrophe losses and a series of macroeconomic and geopolitical shocks, have converged to create the most challenged conditions in recent memory.
Dedicated reinsurance capital
Conditions in the cyber reinsurance market specifically have relented this year, with pricing stabilising after a period of significant hardening.
Howden pricing indices for property reinsurance and retrocession markets
Although reinsurers are benefitting from improvements in underlying portfolios following recent pricing corrections, cyber reinsurance supply will need to increase significantly if it is to meet demand between now and 2030. This backdrop presents a potential impediment to cyber insurance’s growth projections.
Whilst cyber reinsurance premiums are currently in the range of USD 6 billion, they would need to increase more than three times over in order to fulfil growth expectations by the end of the decade.
Such high levels of growth would be ambitious during favourable market conditions, let alone when supply is as constrained as it is currently in the reinsurance market.
This underscores the need for the cyber reinsurance market to develop more products that enable insurers to retain more risk, especially now that cedents are more comfortable managing attritional losses.
Large insurers are already moving away from quota share to more efficient capital structures (such as excess-of-loss and tail-risk occurrence covers), a development that will facilitate a wider availability of reinsurance capital to support future growth.
Cyber insurance and reinsurance premium projections up to 2030
Further innovative thinking around matching risk to capital is needed to realise the full potential of cyber (re)insurance from here.
Continued investments into modelling solutions to help carriers manage and price exposures, and, in turn, better articulate results to alternative capital providers, is a key requirement to unlocking more capacity.
Another related point is increased engagement with capital markets. Growing consensus on risk definitions, alongside product innovation around systemic exposures in particular, are already attracting third-party investors.
Maintaining focus and momentum in this area will be crucial to seeing alternative capacity becoming an integral part of the cyber market’s capital structure.