Cyber insurance has a strange past: AIG first took cyber insurance to market in 1997 despite a total lack of actuarial data to inform premiums or policies. Essentially, the industry ran on guesswork. Even today, the cyber insurance market is remarkably unpredictable compared to long-established insurance policies such as those for housing or health.
Typically, when cybercrime – or, more specifically, ransomware – rates rise, so do insurance premiums. This issue has plagued the cyber insurance market for the past decade; as ransomware rates surged, premiums rose to a near-unaffordable high. Just last year, cyber insurance premiums rose by 50% amidst an increasingly tumultuous threat landscape. At the start of 2024, experts predicted that premiums would increase even further.
However, a recent report from Howden, a specialist insurance broker, revealed that cyber insurance premiums are declining despite a recent wave of ransomware attacks. This phenomenon could indicate a maturing cyber insurance market. So, let's look a little deeper.
The Rising Ransomware Threat
According to Howden's 2024 cyber insurance report, ransomware has firmly established itself as the predominant cyber threat. In the first half of 2024 alone, ransomware attack rates grew 18%, building on already high rates from 2023. To make matters worse, Howden observed that threat actors employ more sophisticated tactics like double extortion, in which attackers encrypt data and threaten to leak it.
Declining Insurance Premiums
However, cyber insurance premiums have declined despite rising attack rates. According to the report, global cyber insurance pricing has experienced double-digit reductions since the beginning of 2023. This reduction has, for the first time, bucked the trend of insurance rates rising alongside attack rates.
The report argues that "at no other point has the market experienced the current mix of conditions: a heightened threat landscape combined with a stable insurance market underpinned by robust risk controls. The foundations for a mature cyber market, with innovation and exposure-led growth at its core, are now in place."
What's Behind the Decline?
Several factors contribute to the recent reduction in cyber insurance premiums.
Improved Cybersecurity
According to Howden, improved cybersecurity measures are a key factor driving down insurance premiums. Companies are increasingly implementing measures such as multi-factor authentication (MFA), robust backup systems, security awareness training, and endpoint detection and response (EDR) solutions. These measures have significantly bolstered their defenses against cyber threats, reducing the likelihood of successful attacks and, consequently, insurance claims.
Increased Competition
As more insurers enter the cyber insurance market, increased competition has led to more attractive pricing for policyholders.
Market Expansion
The geographic expansion of the cyber insurance market has also helped bring down premiums. While the United States has traditionally dominated the market, accounting for approximately two-thirds of global premiums, Howden predicts significant growth in non-U.S. territories. By 2030, the company expects more than half of premium growth to come from Europe, Latin America, and Asia.
Similarly, Howden cites a growing focus on small and medium-sized enterprises (SMEs), historically underserved in the cyber insurance market, as a factor contributing to declining insurance premiums. As SMEs account for nearly half of advanced economies' GDP, insurers have begun targeting them with tailored, affordable solutions.
Implications for Businesses and Insurers
For businesses, the decline in cyber insurance premiums presents an opportunity to secure more cost-effective coverage. However, it also underscores the importance of maintaining and continually improving cybersecurity measures. As insurers demand higher standards of cyber resilience from their clients, companies must invest in comprehensive cybersecurity strategies to qualify for coverage and benefit from lower premiums.
For insurers, the challenge lies in balancing competitive pricing with sustainable risk management. The decline in premiums does not diminish the need for robust underwriting practices and stringent risk assessment. Insurers must continue to innovate and adapt their offerings to address the evolving threat landscape while ensuring they remain financially viable.
Experts also believe that a matured cyber insurance market will contribute to cyber resilience more generally. "Cyber insurance is crucial to strengthening resilience around the world, and insurers are now in a strong position to bring about real change," said Jean Bayon de La Tour, Head of Cyber–International at Howden.
Looking Ahead
Ongoing developments in cybersecurity technologies will likely shape the future of the cyber insurance market. As businesses and insurers become more adept at managing cyber risks, the market will likely mature. Innovation in insurance products, combined with a broader geographic and market reach, will drive growth and stability in the sector.
However, it's crucial to recognize that just as legitimate businesses evolve and improve, so do illegitimate companies. As noted, ransomware attackers are growing increasingly sophisticated and will likely continue to do so. As such, organizations must not grow complacent, even as insurance premiums begin to fall.
In conclusion, despite the surge in ransomware attacks, the global decline in cyber insurance premiums highlights a dynamic and evolving market. Enhanced cybersecurity measures, increased competition, and geographic expansion drive this trend. Both businesses and insurers must continue to adapt and innovate to thrive in this challenging environment.
Editor’s Note: The opinions expressed in this and other guest author articles are solely those of the contributor and do not necessarily reflect those of Tripwire.