Skip to content

Global Cyber Insurance Market Forecast to Exceed over $120 bn by 2032

    Global cyber insurance market has undergone significant changes in H1 2024, presenting both challenges and opportunities for retail agents. Increased competition has driven carriers to lower rates and offer more comprehensive policies.

    Flow’s Cyber Market Report indicates increased market competition has softened rates and expanded insurance policy offerings. However, cyber warfare remains a growing threat.

    The report warns that some policies may exclude coverage for cyber warfare or terrorism acts. Reviewing these exclusions and considering policies with coverage extensions is crucial.

    From 2023 to 2024, the global cyber insurance market grew from $16.66 bn to $21 bn and is projected to reach $120 bn by 2032, demonstrating a substantial 24.5% CAGR during the forecast period

    Insurers are leveraging advanced technological tools to assess risk and provide cybersecurity services alongside insurance coverage. This blending of insurance and security services represents an innovative shift in the market, aiming to provide a more holistic approach to cyber risk management.

    For retail agents, this is an exciting time to stake a claim in the cyber insurance market. The most significant opportunity lies in cross-selling and introducing cyber insurance to first-time buyers, as overall adoption remains low with substantial room for growth.

    Cyber warfare and nation-state cyberattacks

    Cyber warfare and nation-state cyberattacks

    The rise of cyber warfare and nation-state attacks presents significant risks in 2024, necessitating policy evolution, according to Flow’s latest industry report.

    Recent notable attacks against public utilities include hacktivist attacks on water utilities in November 2023, where CyberAv3ngers compromised programmable logic controllers at water utilities in North America, Europe, and Australia, disrupting services for two days in at least one community.

    Chinese state-backed hackers infiltrated U.S. water facilities, raising concerns about potential disruptions during conflicts. A Russian-linked hacktivist group attempted to disrupt operations at several Texas water utilities in early 2024 (see Cyber Risk Insurance Market Global Trends 2024).

    David Derigiotis, Head of Insurance for Flow, emphasized the importance of critical coverage, noting that government and critical infrastructure clients, along with Fortune 500 organizations, face heightened risks compared to everyday businesses. While small and medium-sized businesses could become collateral damage in broader attacks, policy costs must be balanced with the insurance’s value.

    Cyber Insurance Market Landscape

    Capacity for cyber insurance is expanding, with insurers offering more varied and comprehensive policies. The past six months have seen high-profile cyber incidents and data breaches with the average breach costing a record high of $4.45 mn.

    These numbers are greatly influencing pricing trends to more accurately reflect the heightened risk environment.

    Cyber Insurance Market Landscape
    Source: Minich Re

    Additionally, a new regulatory landscape has emerged, with an increasing number of states introducing privacy laws and new rules regarding cybersecurity incident disclosure as adopted by the Securities and Exchange Commission (SEC).

    New consumer privacy and data protection laws have now been instated in 18 states while many more bills are currently moving through various committees.

    Insurers offers cybersecurity services

    Insurers now use advanced technological tools to assess risks and offer cybersecurity services, providing a comprehensive approach to cyber risk management.

    Retail agents can cross-sell and introduce cyber insurance to new buyers, presenting significant growth potential.

    Derigiotis stressed the need for balance, stating that the insurance industry must balance growth and demand with evolving cyber risks to remain competitive and profitable. Enhancing risk management services, addressing supply chain risks and ransomware, and maintaining a balanced client portfolio will ensure longevity.

    Companies need a multi-layered approach to protection. Developing and regularly testing incident response plans, leveraging AI and machine learning for advanced threat detection and response, and maintaining a timely patching schedule for known vulnerabilities are essential steps.

    Implementing multi-factor authentication across all systems and for privileged users, securing the software supply chain, and preparing for ransomware attacks are also critical.

    Ensuring vendor agreements include notification requirements for unauthorized access or security incidents and staying informed about emerging threats through regular threat intelligence monitoring are vital practices.

    Derigiotis concluded by advising companies to consider appropriate cyber insurance coverage to transfer financial risks, emphasizing that focusing on these areas can significantly improve cybersecurity and resilience against evolving threats.

    Cyber landscape continues to evolve rapidly

    The cyber landscape continues to evolve rapidly with emerging threats like ransomware, AI-driven attacks, and supply chain vulnerabilities. These threats can lead to severe consequences, including prolonged business interruptions, major data breaches, significant financial loss, and hefty regulatory fines.

    Source: Verizon

    Verizon’s Data Breach Investigations Report identified 5,175 breach incidents, with 3,803 confirming data disclosure.

    Ransomware and other forms of extortion are prevalent in 92% of industries, ranking as a top threat. These attacks now account for 23% of all breaches.

    System intrusions are responsible for 36% of breaches. These intrusions involve unauthorized access to computer systems by cybercriminals aiming to steal sensitive information, disrupt operations, or deploy malware for malicious purposes.

    State-sponsored threat group, Cozy Bear, also known as APT29, has been carrying out devastating cyber attacks on major corporations since late 2023.

    Both Microsoft and Hewlett Packard have revealed this attacker group to be the culprit of the breaches on their respective systems.

    Cozy Bear’s primary targets are U.S. and European diplomatic entities, governments, non-governmental organizations (NGOs), and IT service providers.

    Their primary goals include gathering intelligence from government, diplomatic, and military organizations, and infiltrating key sectors such as energy, technology, and academia to collect sensitive data and advance Russia’s geopolitical interests.

    Cyber Risk Management Strategies

    Cyber Risk Management Strategies

    Companies need a multi-layered approach to protection.

    • Develop and regularly test incident response plans.
    • Leverage AI and machine learning for advanced threat detection and response.
    • Maintain a timely patching schedule for known vulnerabilities.
    • Implement multi-factor authentication across all systems and for privileged users.
    • Secure the software supply chain and prepare for ransomware attacks.
    • Ensure vendor agreements include notification requirements for unauthorized access or security incidents.
    • Stay informed about emerging threats through regular threat intelligence monitoring.

    Shifts in the Cyber Insurance Market

    The cyber insurance market is shifting due to rising competition, evolving regulatory environments, and new cyber threats. As the market softens, carriers are introducing more comprehensive offerings.

    Agents must use their expertise and resources to stay ahead. Cross-selling cyber insurance to first-time buyers offers significant growth potential, given the market’s low adoption rates.

    Consider appropriate cyber insurance coverage to transfer financial risks. Focusing on these areas can significantly improve cybersecurity and resilience against evolving threats.

    Utilizing advanced technological tools for risk assessment and cybersecurity services allows agents to enhance their service offerings and provide clients with comprehensive solutions.

    Agents need to remain vigilant about capacity constraints, regulatory changes, and emerging trends to ensure adequate coverage for clients. In this rapidly evolving landscape, agents who effectively blend human expertise with technological innovation will thrive.

    Staying informed, proactive, and client-focused will help agents position themselves as trusted advisors, providing valuable guidance in navigating the complexities of the cyber insurance market.

    ……………….

    AUTHOR: David Derigiotis – President of brokerage and Head of Insurance for Flow Specialty