S&P Global Ratings maintains a stable outlook on the global cyber insurance and reinsurance industry, supported by solid underwriting profitability in 2023 and 2024, with expectations for this trend to continue into 2025.
The cyber insurance industry’s stability is further reinforced by substantial increases in cyber insurance rates and tighter terms and conditions on cyber policies, measures that were primarily implemented in 2021 and 2022.
For 2025, Swiss Re is estimating a market premium of 16.6 bn (+8% over 2024) and the cyber protection gap remains huge. On the one hand, there is significant geographical potential as can be seen in the uneven distribution of cyber premium across regions (see Cyber Risk Insurance Market Global Trends).
Between 2017 and 2022, the cyber market expanded at an impressive 32% annual rate. Global premiums doubled from 2017 to 2020 and then doubled again from 2020 to 2022, with projections initially anticipating this robust growth to continue. Despite this, forecasts still suggest 20% annual growth, often presented as a near certainty.
Insurers now use advanced technological tools to assess risks and offer cybersecurity services, providing a comprehensive approach to cyber risk management.
Strengthening Profitability in Cyber Re/Insurance
According to CyberCube’s Cyber Insurance Market Outlook for 2034, at mid-range 10-year growth estimates of 20%, the following would be expected in 2034 that US standalone premium will stand at $45 bn, a five-fold increase from today.
The industry’s stability is crucial given the evolving threat landscape. A combination of stagnant or declining cyber rates alongside a sharp increase in underlying cyber claims could lead to a significant decline in profitability, according to S&P Global Ratings.
S&P highlights that profitability remains critical as the cyber threat landscape evolves. A decline in rates or a surge in cyber claims could significantly impact margins.
To safeguard long-term profitability, insurers are encouraged to:
- Strengthen policyholders’ cybersecurity practices.
- Clarify policy wording.
- Adjust rates selectively.
- Manage retentions and insurance limits effectively.
These measures are essential to align capital growth with increasing exposure and maintain sustainable operations.
Although the rapid growth of the cyber insurance market may be slowing, it continues to present a compelling growth opportunity, but looking ahead, this will be fueled by different drivers and regional variations, with small and medium-sized enterprises (SMEs) having the largest potential to address the existing cyber protection gap, Swiss Re analysts stated in a recent report (see Cyber Insurance, Ransomware & Hybrid Warfare Outlook).
Growth Potential and Regional Opportunities
S&P Global Ratings projects annual cyber insurance premiums to grow from $14 bn in 2023 to $23 bn by 2026, reflecting a 15-20% annual growth rate. The Asia-Pacific and Latin American markets are expected to grow fastest due to their smaller, less mature cyber insurance industries.
As one of the fastest-growing insurance subsectors, cyber insurance requires a sustainable model to meet rising demand.
Over the past two years, competition and capacity have increased with new market entrants, including reinsurers and managing general agents (MGAs). However, softening renewal conditions in the US have contributed to lower retention rates and reduced premiums (see Cyber Insurance Protection Gap. Cyber Risk Survey).
S&P continues to monitor the potential impact of these changes on capital, earnings, and risk exposure, assessing how they affect the financial stability of insurers and reinsurers.
The cyber insurance market experienced explosive growth of 32% annually from 2017 to 2022, with global premiums doubling twice, from 2017 to 2020 and again from 2020 to 2022, and forecasts were projecting a continuation of these very strong growth rates.
However, Swiss Re recent data reveals a slowdown in growth and decreasing insurance rates, suggesting previous optimism was unfounded. Despite this, projections of 20% annual growth persist, raising questions about their plausibility in the face of a shifting market reality.
Past growth was driven by large corporate buyers and rate increases, up to 2019 the market premium was largely growing by adding new exposure in North America and Europe. More and more corporates were purchasing cyber insurance.
Main Growth Cyber Insurance Driver Changed
From 2020 to 2022, the main growth driver changed when a surge in ransomware attacks resulted in substantial financial losses. In response to this elevated risk, the market reacted with increased rates to reflect the intensified exposure.
In 2022 and 2024, the cyber insurance market experienced a significant shift. Initially, strong rates and profitability attracted new entrants, increasing competition. This led to rate reductions in 2024, offsetting much of the organic growth.
The pronounced upwards cycle until 2022, followed shortly by a downwards trend has been observed globally, however, with some regional nuances. North America saw higher rate increases than Europe, particularly impacting large corporations, while the SME segment saw more modest changes.
Global cyber insurance premium dynamics
Despite the era of rapid, double-digit expansion in the cyber insurance insurance market is starting to cool, there is no lack of potential, as different regions have different needs and there is still a large cyber protection gap all around the world, Swiss Re highlights.
Cybersecurity and technological disruption are identified as the top threats to business growth, with over 89% of executives planning to expand their cyber insurance coverage to address increasing technological vulnerabilities, according to a report by Chubb.
74% of executives at large companies cite cybersecurity as the top growth risk, with 40% reporting that cyber breaches and data leaks have been the most disruptive and financially burdensome man-made threats. These concerns far outweigh risks such as accidents, regulations, social unrest, and hazmat exposures, with no other risk factor mentioned by more than 25%.
Cybersecurity also ranked as the leading geopolitical risk at 60%, with resource scarcity, climate change, political instability, and other risks falling below 40%.
Monitoring cyber incidents is the most widely used risk mitigation tool, with 84% of executives reporting it as either a fully integrated (41%) or regularly used (43%) function in their organisations. Another 14% use it in some situations.
North America Dominates in Cyber Insurance Premiums
North America dominates with 70% premium share followed by Europe (19%) and APAC (8%) according to Swiss Re data. This not only illustrates the varying cyber market maturity levels around the globe but also underpins the untapped cyber market growth potential of many economies in Europe and APAC.
Cyber insurance adoption varies significantly across customer segments, Tobler noted. Large corporations (those with annual revenue exceeding $10 bn) have embraced cyber insurance at a much higher rate (80%) than SMEs (those with annual revenue below $100 mn), which show only about 10% adoption.
As a result, organic growth in the Large Corporate sector is largely limited to clients purchasing higher limits, whereas the potential in the SME market remains significant through clients purchasing new policies.
In short, there is a huge cyber protection gap for small and medium sized companies. The SME segment offers a major growth opportunity for cyber insurance globally. However, serving small and medium size businesses requires investment and adapted approaches.
The Role of AI and Emerging Cyber Risks
AI has accelerated the automation of cyberattacks, particularly in personalized phishing and email extortion. Cybercriminals now deploy sophisticated tools, such as Ransomware-as-a-Service (RaaS), to target broader markets with greater efficiency. These developments are expected to drive an increase in cybercrime.
S&P anticipates that the impact of AI on cyber insurance will become a focal point for the industry in the coming years.
The dynamic between attackers and defenders will influence claims development, loss ratios, and insurers’ ability to adopt AI for precise risk assessment and pricing.
Despite improvements in pricing everyday cyber losses, systemic risks remain a challenge. Large-scale cyber events, like coordinated ransomware attacks, pose a significant threat to businesses across multiple sectors.
Developing and regularly testing incident response plans, leveraging AI and machine learning for advanced threat detection and response, and maintaining a timely patching schedule for known vulnerabilities are essential steps.
From 2023 to 2024, the global cyber insurance market grew from $16.66 bn to $21 bn and is projected to reach $120 bn by 2032, demonstrating a substantial 24.5% CAGR during the forecast period
Insurers are leveraging advanced technological tools to assess risk and provide cybersecurity services alongside insurance coverage. This blending of insurance and security services represents an innovative shift in the market, aiming to provide a more holistic approach to cyber risk management.
Advancements in technology, particularly AI and machine learning, are reshaping the cyber threat landscape. As threat actors adopt these tools for more sophisticated attacks — such as deep fakes — insurers are grappling with how to adjust coverage accordingly. Some insurers are stepping up to offer affirmative coverage for emerging threats, while others struggle to adapt.
While the current buyer-friendly environment is expected to persist, it may be tempered by emerging geopolitical tensions. Organizations should continue to be proactive in building robust cybersecurity frameworks, which may influence underwriting practices.
With numerous variations of cyber insurance available, clients must navigate the complexities of coverage agreements. Working with specialized brokers will be critical in ensuring adequate protection and claims support.
Cyber Insurance Pricing
The cyber insurance market is facing increasing competition and shifting risk profiles, as highlighted in Amwins’ 2025 Outlook: State of the Market Report. The market can be divided into three main categories: new entrants, established players, and middle-tier insurers.
Pricing trends show a notable change, with renewal business seeing flat or declining rates, while new business is encountering aggressive pricing strategies from carriers eager to expand their market share.
The cyber insurance market is facing increased competition and evolving risk dynamics. Pricing trends indicate a notable shift, with renewal business seeing flat to declining rates and new business encountering aggressive pricing strategies from carriers eager to capture market share.
The overall market can be categorized into three distinct categories:
- New entrants: Fresh carriers with no legacy risks aggressively seeking market share through competitive pricing.
- Seasoned players: Established carriers with more than 10 years in the cyber space, leveraging their portfolio and relationships to maintain competitiveness and manage legacy risks.
- Middle-tier insurers: Entities facing pressure to clearly define their offerings, often opting for specialty-focused distribution strategies.
This mix of new entrants and ample capacity suggests that soft market conditions are likely to persist into the foreseeable future while prompting a shift towards more differentiated offerings.
Upcoming reinsurance renewal dates, particularly January 1 and April 1, are expected to provide critical insights into market direction as we move further into 2025.
Impacts of cyber disruption
High-profile cyber incidents, such as those involving CDK Global, CrowdStrike and Change Healthcare, were anticipated to shake up the market significantly. However, the overall impact has been somewhat muted, affecting only a small segment of the cyber insurance landscape. Insurers heavily invested in these sectors or with substantial books of affected clients faced adverse effects while the broader market remained relatively stable.
These events highlighted the need for insurers to assess risk portfolios critically.
While catastrophic events in other sectors, such as natural disasters, can drive significant changes in pricing and availability, the cyber sector appears more resilient.
This resilience may be due, in part, to improved risk management practices among organizations, resulting in fewer significant losses impacting the overall market.
Ransomware continues to plague organizations across various sectors. Despite rising claims, the cyber insurance marketplace has yet to respond meaningfully to this persistent threat, potentially due to improved risk controls among a wider array of insureds. However, a large segment of commercial enterprises remains uninsured for cyber risks, presenting an ongoing challenge for carriers.
Capacity and pricing trends
Capacity continues to grow, with many carriers willing to offer limits previously thought unattainable. Contractual requirements for coverage are also on the rise, with firms increasingly mandated to carry higher limits. However, pricing remains competitive, with reductions observed across various segments, particularly in the wake of enhanced security protocols.
Emerging players and changing market dynamics are influencing capacity trends. For instance, while underwriters are generally open to a wide array of industries, they remain cautious about sectors such as healthcare, where regulatory complexities may drive tighter underwriting guidelines.
Rising Claims and Regulatory Challenges
The frequency and severity of cyber claims continue to rise. Allianz reports a 14% increase in large cyber claims in the first half of 2024, with claim sizes up by 17%. Ransomware attacks have grown more sophisticated, causing widespread business interruptions and extortion.
Privacy regulations in 2024 added legal uncertainty, further driving claim activity. A notable example is the CrowdStrike outage, which impacted millions of systems due to a faulty update, underscoring risks in software supply chains.
S&P underscores the importance of managing accumulation risks in the expanding cyber insurance market. Unchecked growth without robust risk controls could harm insurers’ capital strength, risk exposure, and earnings stability. The firm remains vigilant in evaluating these developments to ensure financial resilience in this critical sector.
FAQ
S&P Global Ratings maintains a stable outlook for the cyber insurance and reinsurance sector. This is supported by strong underwriting profitability in 2023 and 2024, with expectations for continued stability into 2025.
The stability stems from substantial rate increases and stricter terms implemented in 2021 and 2022. These measures have strengthened underwriting margins despite evolving cyber threats and increasing claims activity.
Swiss Re estimates that global cyber insurance premiums will reach $16.6 bn in 2025, an 8% increase over 2024. S&P projects further growth to $23 bn by 2026, driven by demand in underserved regions like Asia-Pacific and Latin America.
The cyber insurance market has seen increased competition due to new entrants, including reinsurers and MGAs. This has resulted in softer renewal conditions, reduced premiums, and lower retention rates, particularly in the US.
AI has accelerated cyberattacks, enabling sophisticated methods like Ransomware-as-a-Service and personalized phishing. S&P expects insurers to adopt AI for more accurate risk assessment and pricing while mitigating these emerging threats.
Systemic risks, such as coordinated ransomware attacks and widespread malware infections, remain a major obstacle. Privacy regulations and software supply chain vulnerabilities also contribute to rising claim frequency and severity.
North America leads with 70% of global cyber premiums, followed by Europe (19%) and APAC (8%). Small and medium-sized enterprises (SMEs), with a cyber insurance adoption rate of only 10%, represent a significant growth opportunity globally.
