The size of the cyber insurance market could reach $50 billion by 2030, according to the third annual report on the topic by analysts at international insurance broker Howden, according to its website.
After a major market correction due to an increase in ransomware claims in 2020 and 2021 that more than doubled the cost of cyber protection, conditions began to stabilize last year as activity declined and more robust risk controls deterred or mitigated attacks.
However, the report notes that cyberspace is not standing still, and events in 2023 point to a nuanced market. That said, optimism about more favorable supply dynamics for insurance buyers (through improved underwriting efficiency for insurers) is tempered by resurgent ransomware activity, lingering concerns about potential systemic losses and capital availability.
According to the report, there was a significant increase in ransomware attacks in the first half of 2023, but disclosures from a number of carriers in the first quarter of 2023 suggest that this has not (yet) been accompanied by a corresponding increase in claims. This in turn points to the effectiveness of risk controls that make companies more resilient and support a more stable cyber insurance market. Terms are now softening, and buyers who have the right risk controls are rewarded with better prices and terms, the paper explains.
As for cyber insurance pricing, the cost of cyber insurance is now more commensurate with the cost of loss after the recent correction, according to Dan Leahy, deputy director of Howden, whose words are cited in the report, after going through the early stages of development, which often involve new, fast-growing lines of business.
“While there has been a decline in prices in the first half of 2023, the sustainability of this trend remains uncertain given the ubiquity of threats,” he added.
As noted, while risk awareness is growing everywhere, cyber insurance, in fact, remains a large corporate market at present, and “needs to work, especially with smaller companies.” This is supported by the example of France, where 85% of the premiums paid for cyber insurance in 2022 came from large companies. The remaining 15% came from mid-sized companies and SMEs, but they accounted for a disproportionate share of claims reported
The report indicates that the use of direct market reinsurance is the biggest differentiator between cyber and any other class, as approximately 45% of cyber premiums are currently ceded to reinsurers, broad bandwidth limitations apply and price adjustments in the reinsurance market also represent potential limitations.