The UK cyber insurance market has shifted to favor buyers, driven by abundant capacity and fierce competition among insurers, leading to rate decreases, according to Marsh’s Q1 2024 cyber insurance report.

Generative AI continues to be a rapidly evolving risk, with its impact on cybersecurity under scrutiny in 2024 (see How Generative AI Change the Cyber Insurance?).

In Q1 2024, organisations strengthened their cyber risk management with more effective, data-driven controls, which ultimately led to decreased rates, improved terms and conditions, and an increase in underwritten business by insurers.

Despite favorable market conditions, cyber threats remained substantial. Insureds faced large ransomware and privacy losses.

Cyber Insurance rates ease, risk remains

Cyber Insurance rates ease, risk remains

A UK Government survey revealed that 50% of all businesses and 84% of large businesses reported cybersecurity breaches or attacks in the past year.

In March, major UK retailers and fast-food chains experienced IT outages. While not linked to malicious actors, the disruptions highlighted the reliance on technology in modern business.

Cybercriminals now use blockchain and AI to automate and enhance threats. Cybersecurity software providers are adopting AI to better detect and mitigate attacks, such as filtering phishing emails.

In Q1 2024, cyber insurance rates for Marsh’s UK clients with revenues over £200 million dropped by 12% on average, with primary layers decreasing by 10%. This marked the second consecutive quarter of double-digit rate reductions.

Prices decrease over four consecutive quarters

Prices decrease over four consecutive quarters
Source: March

Average cyber insurance limit increases

In the first quarter of 2024, average limits in the transportation; communications, media, and technology; financial institutions; manufacturing; retail and wholesale; and healthcare sectors increased, compared to the same quarter in 2023.

The retail and wholesale sector saw the largest year-on-year rise in average limit of 24%.

Average limits increased by 7%, year on year, for organisations in the communications, media, and technology and financial institutions sectors.

During this period, 24% of clients expanded their overall limits, 17% increased primary layers, and 74% saw premium decreases, while 6% had unchanged premiums, and 21% paid more.

Cyber insurance limits increase across all sectors

Cyber insurance limits increase across all sectors
Source: March

From an insurer perspective, competition in the primary space was fierce amid the growth targets set by insurers. Prices are expected to continue to decrease over the next quarter, on both a primary and excess basis. 

Organizations rapidly adopted technology

Over the past decade, organizations have rapidly adopted technology, including digitally controlled operational tech, IoT devices, and business communication systems.

This expansion has increased attack surfaces, allowing cybercriminals to exploit new vulnerabilities. Ransomware attacks have become more damaging, with rising extortion demands driving up claims costs.

Extortion incidents among Marsh UK clients rose by over 300% in 2023 compared to 2022, focusing more on data theft than encryption.

Human error remains a leading cause of cyber incidents. Last year, legal and education sectors saw a surge in attacks via phishing emails. This year, a broader range of industries faced various attacks, including zero-day exploits.

Ransomware claim notifications are expected to remain steady into 2025, but ransom payments have generally decreased.

An increase in phishing emails and business email compromise are also expected as threat actors continue to leverage GenAI which can automate the process of sending phishing emails, personalise emails, and generally make them more sophisticated and far harder to detect.

Marsh concludes by noting that smaller organisations that are lacking robust cybersecurity controls, may pose a risk to the entire supply chain if they suffer a cyberattack.

As AI models advance, organizations may need to address potential corporate liabilities from using these models in operations, customer services, and products.

AI presents risks and opportunity

AI presents risks and opportunity

Generative artificial intelligence (AI) is a rapidly evolving risk issue and its potential impact on cybersecurity continues to be much discussed in 2024.

Cybercriminals are already using AI to automate and facilitate threats, with new risks and permutations of existing ones likely to emerge.

For example, some have found a significant opportunity in enabling software to more effectively detect and filter out phishing scams from email, mitigating the risk of malware attacks.

Systemic cyber risk continued to be a leading concern for insurers. In the first quarter of 2024, insurers included specific war and territorial exclusions in cyber policies, with war exclusion language in line with Lloyd’s requirements.

In general, increased competition among carriers resulted in more coverage options for organisations.

Underwriters were generally comfortable with the level of detail provided in application forms provided by insureds at the start of 2024, paying particular attention to vendor/third-party management and data collection practices.

Cyber claims increase slightly

Marsh UK clients reported 144 cyber claims in the first quarter of 2024, nearly the same as the 143 recorded in the same period in 2023. Overall, since the first quarter of 2019, our data shows a general upward trajectory of claims.

In the first quarter of 2024, the flurry of notifications included malicious exploits of zero-day vulnerabilities, which are security software flaws that are unknown to the developers.

These attacks can affect multiple organisations across different sectors, potentially causing widespread impact.

Claims continue to rise

Claims continue to rise
Source: March

Ransomware incidents in the first quarter continued to be financially burdensome, more targeted, and to include supply chain incidents.

There continued to be “scattergun”-type cyberattacks and, ensuing from some of those events, business e-mail compromise incidents in which bad actors accessed inboxes to change payment data and fraudulently divert payments.

AI development continued to contribute to a heightened threat landscape, with, for example, the increased sophistication of social engineering.

With one deepfake scam recently resulting in a duped payment running into the tens of millions of pounds, we expect a rise of incidents leveraging this type of technology.

Cybercriminals are adapting their methods of attack

Cybercriminals are adapting their methods of attack

Cybercriminals are sophisticated enough to target their attacks for maximum impact. For example, retailers tend to be targeted during annual high-trade periods, hotel groups during holidays, and listed businesses ahead of quarterly results publications.

Cybercriminals are continually adapting their methods of attack, devising new ways to commercialise what they have stolen.

However, insureds recognise the severity of the new risk environment and the need to understand and mitigate cyber risk. Meanwhile, the insurance industry has been proactive in sharing information with organisations regarding the root causes of losses and how those losses can be mitigated.

There has been a notable uptick in the adoption of cyber controls by insureds, helping them achieve a stronger security posture within a relatively short timeframe.

Indeed, there has been a significant shift in focus regarding cyber risk over the past two years. Previously, the primary emphasis was on insureds implementing the key cybersecurity controls.

Now that many insureds have achieved a more mature security posture, underwriters are increasingly evaluating how well businesses can respond when incidents occur.

The mindset of insurers and others has shifted from if there is a cyberattack to when there is a cyberattack. Therefore, the ability of their organisation to respond to cyber events has become a crucial factor for insureds to address.

For example, an insurer may ask a manufacturer whether production can be switched from a facility that could be impacted by a cyberattack to another that might be unaffected during a cyber event.

Insurers may also want to know if an organisation holds enough stock to fulfil orders while the business is brought back online after an incident.

Answers to the more cyber-oriented questions around backups and the speed at which systems can be restored from backups will also be sought.

Given the current situation, the ostrich approach, where organisations neglect or downplay cyber risk, is no longer a viable or acceptable strategy.


AUTHORS: Kelly Butler – Managing Director, Head of Cyber at UK Marsh Specialty, Holly Waszak – Head of Cyber Claims, Cyber Risk at Marsh Specialty, Gareth Bateman – Cyber Growth Leader at Marsh Specialty (United Kingdom)

You May Also Like