The era of rapid, double-digit growth in the cyber insurance market may be cooling, but the cyber expansion story isn’t over, according to Swiss Re‘s Cyber Reinsurance data. Beinsure analyzed the report and highlighted the key points.
A new market reality has emerged. Growth has slowed, and insurance rates are decreasing. Data from 2023 and 2024 reveals that many market participants overestimated growth and were overly optimistic about premium projections.
Between 2017 and 2022, the cyber market expanded at an impressive 32% annual rate. Global premiums doubled from 2017 to 2020 and then doubled again from 2020 to 2022, with projections initially anticipating this robust growth to continue.
Despite this, forecasts still suggest 20% annual growth, often presented as a near certainty. While this sounds promising, the question remains: is it realistic? Swiss Re’s data sheds light on the shifting market forces.
Insurers now use advanced technological tools to assess risks and offer cybersecurity services, providing a comprehensive approach to cyber risk management.
Retail agents can cross-sell and introduce cyber insurance to new buyers, presenting significant growth potential.
Derigiotis stressed the need for balance, stating that the insurance industry must balance growth and demand with evolving cyber risks to remain competitive and profitable. Enhancing risk management services, addressing supply chain risks and ransomware, and maintaining a balanced client portfolio will ensure longevity.
Companies need a multi-layered approach to cyber protection
Developing and regularly testing incident response plans, leveraging AI and machine learning for advanced threat detection and response, and maintaining a timely patching schedule for known vulnerabilities are essential steps.
From 2023 to 2024, the global cyber insurance market grew from $16.66 bn to $21 bn and is projected to reach $120 bn by 2032, demonstrating a substantial 24.5% CAGR during the forecast period
Insurers are leveraging advanced technological tools to assess risk and provide cybersecurity services alongside insurance coverage. This blending of insurance and security services represents an innovative shift in the market, aiming to provide a more holistic approach to cyber risk management.
Before 2019, premium growth came mainly from expanding exposure in North America and Europe, driven by corporate interest in cyber insurance. From 2020 to 2022, the surge in ransomware attacks resulted in significant losses. The market responded with higher rates to address the increased risk exposure.
Global cyber insurance premium dynamics
To dive a bit deeper into this trajectory, the growth can be broken down into two main components: Organic exposure growth (clients purchasing new policies and existing clients purchasing higher limits) and rate growth (higher premiums for the same limits).
The fluctuation of both parameters shows the decisive and fast reaction of the cyber insurance industry to the ransomware surge. In 2019 and 2020 the increasing losses were impacting the profitability of cyber insurance.
Consequently, many insurance carriers rigorously re-underwrote their cyber portfolios (see Cyber Risk Insurance Market Global Trends). They raised the bar for minimum cybersecurity requirements to obtain insurance, thus positively influencing the cyber resilience of their customers. Also, they reduced their deployed policy limits and increased cyber insurance rates to reflect the new level of risk.
Munich Re estimates global cyber premiums at approximately $14 bn and expects the cyber insurance market to reach a size of around $29 bn by 2027.
Given the continuing trend of more frequent and severe cyber-attacks, the survey indicates that the protection gap is still disproportionately huge.
Munich Re’s survey aim to better understand the challenges the global economy faces when it comes to cyber preparedness and the requirements for appropriate cyber insurance solutions. Global Cyber Risk Insurance report included over 7,500 participants from 15 countries, covering all industries and company sizes.
87% of all C-Level respondents report that their company is not adequately protected against cyber-attacks
Key topics covered included risk awareness, the role of cyber insurance with its cover elements and services as well as threat exposure for both companies and private individuals.
Global cyber insurance rate
While we observed double-digit rate hikes in cyber insurance in 2020, organic exposure growth was actually lagging. Still rate increases considerably outpaced the limit reductions. The resulting rapid premium growth phase culminated in 2022.
According to Beinsure’s survey results, awareness of cyber risks varies considerably across the globe: Respondents from North American and Northern European as well as Australian and some Asian markets are quite concerned about a potential cyber-attack.
Southern European, Latin American, African, and Indian C-Level respondents are highly concerned. The most concerned market in the previous survey wave, India, was superseded by Spain, where 90% of C-Level respondents were concerned or extremely concerned about a cyber-attack.
Different growth drivers in the future
In 2022-2024 the cyber insurance market hit a tipping point. Strong rates and improved profitability prospects of cyber portfolios increased the appetite of incumbent market participants and attracted a series of new entrants into the cyber insurance market.
Increased competition – initially on excess layers and later primary business as well – reversed the rate and exposure cycle in 2023. And rate reductions counter-balanced a lot of the organic growth.
The pronounced upwards cycle until 2022, followed shortly by a downwards trend has been observed globally, however, with some regional nuances. Higher rate increases were observed in North America compared to the European cyber market. While the SME segment saw more modest changes, rate increases were most pronounced for large corporates.
Is this the end of the cyber growth story? When looking at market developments and exploring the Swiss Re Cyber Data Lake, we expect a continued phase of growth – however with different drivers and regional variation.
According to CyberCube, US standalone premiums in 2023 totaled $8 bn. Based on the assumption that risk carriers manage capital for a 1-in-250 year aggregate loss event, Portfolio Manager catastrophe model estimates the industry required $20 bn of capital in 2023. U.S. cyber insurance market will grow to $20 bn by 2025.
Based on the mid-range projection, US standalone premiums are expected to reach $45 bn (present value), a five-fold increase from current levels.
However, CyberCube’s analysis of US organizations’ purchasing patterns reveals a significant gap in both the number of companies purchasing insurance and the financial protection provided by current coverage limits. Market growth must come from increasing exposures, not merely raising prices.
No lack of growth potential
The cyber market is far from saturated. For 2025, Swiss Re is estimating a market premium of USD 16.6bn (+8% over 2024) and the cyber protection gap remains huge. On the one hand, there is significant geographical potential as can be seen in the uneven distribution of cyber premium across regions.
According to Swiss Re data, North America dominates with 70% premium share followed by Europe (19%) and APAC (8%). This not only illustrates the varying cyber market maturity levels around the globe but also underpins the untapped cyber market growth potential of many economies in Europe and APAC.
Global cyber insurance market split by region
Cyber insurance penetration varies significantly across customer segments. Swiss Re estimates that around 80% of large corporations, with annual revenue exceeding $10 bn, have adopted cyber insurance. In contrast, only about 10% of small and medium-sized enterprises (SMEs), with annual revenue under $100 mn, have done the same.
Consequently, organic growth in the large corporate sector is mainly driven by clients seeking higher coverage limits. In contrast, the SME market holds considerable potential, as many companies are yet to purchase policies.
This leaves a substantial cyber protection gap among small and medium-sized businesses.
The SME segment represents a major global growth opportunity for cyber insurance. However, reaching these businesses requires targeted investments and tailored strategies.
Market data suggests that the cyber market moved from a rate increase-driven and double-digit growth trend to a rather single-digit exposure growth scenario. Going forward market participants need to focus on expanding the client base in order to grow their business sustainably.
The largest potential lies in the SME opportunity: To strengthen resilience against cyber threats, the insurance industry must not only broaden its geographic footprint, but also tailor risk transfer products and services to the specific needs of this client segment and find efficient ways to distribute them.
Cyber risks are projected to become a peak peril for property and casualty insurers, with potential losses surpassing Hurricane Katrina’s $102 bn.
Currently, insurers use various methods for capital management, including share of limits, internal models, and multiple external models.
At the lower end (10% CAGR), cyber capital would surpass the Northridge earthquake ($32 bn), the 10th largest natural catastrophe. At the higher end, cyber capital could account for 46% of today’s global reinsurance capital.
The availability of capacity willing to take on catastrophic tail risk could limit market growth due to increased capital requirements. Traditional (re)insurance will play a significant role in providing this capacity, with event cover offerings expanding to support cedants.
FAQ
No, while growth has slowed from double-digit rates, the cyber insurance market continues to expand. The focus is shifting to new drivers and opportunities, especially in untapped regions and customer segments.
The market grew by 32% annually, with global premiums doubling twice: first between 2017 and 2020, and then again from 2020 to 2022.
The market responded to a surge in ransomware attacks from 2020 to 2022 with higher insurance rates and stricter underwriting. By 2023, increased competition led to rate reductions, balancing out organic growth.
Swiss Re projects continued growth, but at a slower pace. The market is expected to reach $16.6 bn in premiums by 2025, with a focus on new growth drivers like expanding the client base and addressing the SME market.
While 80% of large corporations have adopted cyber insurance, only 10% of SMEs have done so. This presents a major opportunity for growth, as many SMEs lack adequate cyber protection.
Insurers need to invest in tailored risk transfer products, adapt their approaches to meet SME needs, and find efficient ways to distribute these products to improve cyber resilience in this segment.
North America currently holds 70% of global premiums, followed by Europe (19%) and APAC (8%). This uneven distribution highlights the growth potential in European and APAC markets, where cyber insurance adoption is less mature.
……………..
AUTHORS: Dani Tobler – Head Cyber Reinsurance at Swiss Re, Ginevra Corti – Head Cyber Continental Europe at Swiss Re, Stephan von Watzdorf – Head Cyber Centre at Swiss Re, Brett Nakano – Head Cyber US at Swiss Re