New cyber insurance capacity is increasingly matching fast-growing demand, particularly within the United States, and greater competition is said to be leading to decreasing retention levels, as well as lower costs for coverage.
According to S&P Global Ratings report, cyber insurance remains one of the fastest-growing areas within the global insurance industry, with premiums anticipated to exceed $20 bn by 2025, up from an estimated $15 bn in 2023.
Global cyber insurance market has further matured. Cyber risk continues to increase, driven by rapid technological advances such as generative artificial intelligence or cloud technology. Global industries are increasingly dependent on IT, Internet of Things, Operational Technology and digital services, such as cloud computing, each of which represent a critical part of the supply chain for many risk owners, according to Munich Re.
S&P Global Ratings is closely monitoring how margin reductions might affect capital, earnings, and risk exposure assessments for rated insurers and reinsurers.
The agency highlighted the evolution of cyber risk underwriting, emphasizing the integration of traditional qualitative research with tools for data-driven scenario analysis.
S&P noted that increased use of modeling could lower costs and improve pricing and risk assessment accuracy. The agency also flagged flexibility as being a key factor towards capturing changes to cyber risks.
This could also introduce rigidity, necessitating the deliberate incorporation of flexibility in models to maintain individualized risk underwriting and sound decision-making at the portfolio level.
This is especially important given the widespread adoption of artificial intelligence which is anticipated to deliver significant automation of cyber attacks, and increase their effectiveness through personalisation, according to Cyber Risk Insurance Market Global Trends.
The discussion on cyber risk management among U.S. local governments highlighted the increasingly swift and transparent responses to cyber incidents across both large and small entities. Effective cyber risk management requires more than just insurance; it must also include robust detection and protection measures.
Despite rising premiums, competition in the market is driving more issuers to secure policies.
Occasionally analysts still hear about an entity foregoing insurance, typically for budgetary reasons, Event then, most of them still plan on obtaining insurance in the future and have chosen to invest in cyber security in other ways in the near term.
S&P view the proliferation of cyber risk pools as a positive development in public finance, particularly for those entities priced out of the private insurance market (see Cyber Insurance Poses Significant Risks to Re/Insurers’ Stability).
Risk pools grant smaller local governments access to resources that would otherwise be unaffordable, such as IT professionals and consulting services.
They also promote cybersecurity best practices through checklists that members are required to follow.