Cyber-Insurance Prices Plummet as Market Competition Grows

A steady decline in premium rates over the past year has made it more affordable than ever for organizations of all sizes to acquire cyber-insurance coverage.

Much of the decline is the result of a more competitive marketplace in which many more insurance companies than even two years ago have begun offering coverage for cybersecurity incidents such as ransomware attacks and data breaches. Partly, the lower rates are also tied to better cyber hygiene overall among a growing number of insured organizations, according to a new report from London-based Howden Insurance.

Notable Cyber-Insurance Premium Decrease

Howden tracked a 15% reduction in average cyber-insurance premium rates in 2023 compared with the prior year. The decline followed a two-year period between December 2020 and December 2022 in which rates surged dramatically as the result of a big increase in ransomware-related claims.

"Favorable dynamics have persisted into 2024, with the cost of cyber insurance continuing to fall despite ongoing attacks, heightened geopolitical instability, and the proliferation of GenAI," said Sarah Neild, head of cyber retail, UK, at Howden, in a statement. "At no other point has the market experienced the current mix of conditions: a heightened threat landscape combined with a stable insurance market underpinned by robust risk controls."

Howden says the foundations are in place for a more mature global cyber-insurance market with most future growth (predicted at 54%) coming from outside the US between now and 2030.

Howden's findings are similar to those by US-based Aon, which earlier this year reported a 17% decline in premium rates in 2023 compared with 2022. Like Howden, Aon also expects pricing for insurance to remain stable through at least the end of the year because of "ample capacity and a competitive market environment."

Aon's analysis showed that a surge in ransomware and other cyberattacks — including notable incidents like the one involving Progress Software's MOVEit file transfer software and the Cl0p ransomware group's targeting of the flaw — has heightened interest in cyber insurance among organizations. Also contributing to the growing interest are heightened regulatory reporting requirements around cybersecurity incidents for many organizations. 

"Despite a growing number of cyber incidents and heightened privacy regulation, the U.S. market showcased expansion of a buyer-friendly cyber market," the Aon report noted. "In addition, business efforts to strengthen security have created more sustainable pricing levels."

Shawn Ram, head of insurance at Coalition Insurance, says not only have premium rates declined, but it's notable that they've done so even as cybersecurity-related claims have increased during the past year.

"In 2023, overall claims frequency increased 13% year-over-year, and overall claims severity increased 10% YoY, resulting in an average loss of $100,000," he says. "Claims frequency increased across all revenue bands, with businesses between $25 million and $100 million in revenue seeing the sharpest spike — a 32% YoY increase."

Claims activity is unlikely to have a major impact on pricing for cyber insurance simply because of the number of options enterprise organizations have these days, he says.  "Capacity for cyber insurance is robust and has led to reduced rates," he adds.

A Maturing Cyber-Insurance Market

Other factors are at play as well. Insurance companies, for instance, have gotten better at evaluating cyber-risk, says Andrew Braunberg, an analyst with Omdia.

"Carriers are getting a lot smarter in how they assess the cyber-risks of prospects, and the way they write up coverage," Braunberg says, adding that when it comes to doing risk assessments on organizations that want insurance coverage, carriers are much more thorough in what they are looking at and why.

"Gone, for the most part, are simple questionnaires. Insurers want to a much deeper, and dynamic, view of risk," he notes. Also, many have begun expecting insured organizations to have proactive security technologies in place, he says. The result is that cyber-insurance requirements have become a key decision in enterprise security spending decisions.

Howden also expects demand for cyber insurance from small and midsize enterprises (SMEs) — which account for nearly half of the GDP in major economies — to fuel growth and price stability in the market over the next few years. The SME space is currently an underserved demographic that offers a "huge" growth opportunity for insurers and brokers, according to Howden. The insurer also expects the market to expand dramatically over the next few years as insurance companies seek to expand outside the US — which currently accounts for two-thirds of the global market.

Xing Xin, CEO and co-founder of cyber security and insurance platform Upfort, says there are enough insurers waiting to write more business around cybersecurity for prices to remain where they are for the short term at least. But he expects increased claims frequency and severity to have an eventual impact on underwriting and rates for many insurance markets.

"Alternatively, a widespread cybersecurity issue that systemically triggers a high count of policies" could reverse the current trend as well, he says. "If this happens and there's a pullback of supply/capacity in the market, then we'd see rates grow in an accelerated way."