Navigating the volatile cyber insurance market, insurers face a challenging environment of rapid growth, unpredictable threats, and unsustainable pricing models.
According to a report by Risk Placement Services (RPS), the cyber insurance market is experiencing rapid growth and volatility, with the cycle between hard and soft markets much more compressed than other types of insurance.
This volatility makes it difficult for agents to operate in the market – a rapidly changing threat landscape, ever-changing client needs, and ever-rising and falling premiums – RPS says in its 2024 US Cyber Market Outlook.
According to Steve Robinson, head of the national cyber practice at RPS, “the dangers facing cyber insurers are constantly changing in ways that cannot be predicted, and that means the market needs to adapt quickly.”
The cyber market experienced a wave of innovation between 2014 and 2019, with expanded coverage and declining rates. However, this was followed by a period of intense hardening and maturity from 2020 to 2022, when ransomware became a more pervasive threat. During this time, rates rose rapidly, sometimes reaching triple-digit increases, and the market continued to tighten until the end of 2022.
In 2023, the market turned around again, ransomware events dropped, and premiums followed suit. But insurers have started cutting rates with less than a year of favorable claims data, RPS said. This was largely due to newer players who were used to high income from skyrocketing rates and higher policy rollouts.
“A few years ago, getting a $10 million cap was almost unheard of,” says Kunal Mallik, RPS’s senior vice president for the region. “Now, insurers may be willing to offer up to $10 million, thereby increasing the available capacity.”
Given that demands are already increasing again, current trends will not be sustainable in the medium to long term. Mallik suggests that a market correction in prices is overdue. He adds that the same market dynamics that have driven new entrants to lower premiums could now lead to them pushing up in the near future.
The expected return to a changing market is also driven by a worsening claims landscape, reflecting new threats and the return of familiar ones.
Claims data from cyber incident response law firm Mullen Coughlin, LLC shows a more active threat landscape. By incident type, the main threats by November 2023 were:
- Incidents of corporate email compromise, frequency up 35% from 2022.
- Ransomware, up 19% from 2022.
- Third-party breaches, up 19%.
Mullen Coughlin says the data shows the industries leading in ransomware activity were:
- Professional services, 27% increase in frequency from 2022.
- Manufacturing and distribution, up 22%.
- Healthcare and life sciences, up 12%.
- Technology is up 11%.
- Education, up 7%.
RPS Area Vice President Dillon Behr advises that agents need to be smart about how they present solutions to their clients in this changing market.
“Agents need to explicitly communicate to their clients that the low premium offered today is unlikely to remain the same at the next renewal; it’s just not sustainable and they have to be prepared for it,” Behr said.