Competition Fueled by Strong Cyber Insurance Profitability, Pricing Declines

The cyber insurance market is being set up for continued strong growth, propelled by an increasing number of severe cyber-attacks, more competition and price declines, a new Moody’s report shows.

The cyber market has seen moderate pricing declines, and some easing of terms and conditions over the past year, as insurers adjust reinsurance strategies, the report shows.

“As profitability has improved and cyber underwriters are able to better manage attritional losses, some insurers are shifting toward excess of loss treaties to manage widespread events,” the report states. “In addition, while the cyber insurance-linked securities market is still small, several insurers have issued cyber catastrophe bonds since early 2023.”

Increasing ransomware attacks and large losses could yield higher loss ratios, keeping price declines in check. Losses are likely increase, but Moody’s expects the segment to remain profitable this year—”absent a major catastrophe event.”

To date, the increased demand for cyber products has fueled market growth and pricing. Munich Re reported that global written premiums in cyber insurance reached $14 billion in 2023, more than doubling over the last five years, and they could reach $29 billion by 2027.

Despite this growth, cyber insurance is still in its infancy, with broadly varying differences in policy language, terms, and conditions around the trade, while many cyber risks also remain underinsured or entirely uninsured, which can pose consequential risks to the businesses and the global economy, the report shows.

The moderate pricing declines and easing of terms and conditions in the past year comes as improved profitability and growth prospects attract new capital, and existing players expand capacity, according to the report. Several insurers are increasing their limits while some traditional excess players are moving down into primary layers.

“According to insurance brokers, on a per risk basis, an insured may be able to obtain cyber insurance coverage of between $750 million and $1 billion,” the report states.

The percentage of victims paying a ransom over the last five years has declined despite ransomware attacks being up, as businesses rely more on restoration, backups and remediation strategies. Across all industries, most cyber claims continue to be related to ransomware, with business interruption being the primary contributor to losses.

“Ransomware attacks have been on the rise in recent quarters even as law enforcement has disrupted some of the largest players, including BlackCat and LockBit,” the report states. “Data from cryptocurrency tracing firm Chainalysis suggests that the total ransom payments for the first half of 2024 were $460 million, up from $449 million in the prior year period. This could imply that 2024 payments will exceed the record $1.1 billion in ransoms paid in 2023.”

Cyber modeling continues to evolve as aggregation risk remains the focus. The CrowdStrike incident showcased the range of risks posed by a single point of failure. Many organizations are linked to cloud providers and software firms and they rely on multiple interconnected systems which puts them at risk for concentrated failures.

The cyber insurance market is growing fast, but it is still a relatively small line of business. Cyber accounts for less than 1% of direct written premiums for the U.S. property/casualty insurance industry.

“In 2023, the top five carriers accounted for approximately one third of total cyber writings and the top 20 had a 76% market share, little changed from the prior year,” the Moody’s report states. “We expect more carriers and managing general agents to offer cyber coverage as the market expands in the years ahead.”