Skip to main content
main content, press tab to continue
Article

GB cyber insurance update H1 2024

September 4, 2024

Our latest GB cyber market update highlights market trends, pricing, capacity, coverage, claims, and notable incidents in H1 2024.
|Financial, Executive and Professional Risks (FINEX)
Risk Culture

This is a half-year update of the GB cyber insurance market in H1 2024, providing analysis and insights for buyers and stakeholders, covering market trends, pricing, capacity, coverage, claims, and notable cyber incidents, and highlighting both a volatile cyber risk environment but also favourable conditions and opportunities for cyber insurance purchasers.

How to utilise these insights

Cyber insurance market trends

Cyber insurance market capacity

H1 2024 saw very strong competition from insurers to deploy capacity on both primary and excess layers, including in sectors that were historically less attractive to some insurers. This was good news for existing and new cyber insurance buyers, giving them a range of options to purchase new policy coverage and/or limits.

WTW’s CyXS facility continues to serve new clients during H1. The CyXS facility is now able to offer limits of up to USD/GBP75m with the CyXS Restore (reinstatement) option continuing to be available as well as a new option for Cyber Property Damage cover.

WTW’s CyCore facility for UK domiciled businesses has also seen significant volumes of new buyers in H1 2024, the highest since the facilities creation four years ago, demonstrating a keen demand from clients to capitalise on the combined benefits of the facility offering and attractive buying conditions to transfer this material risk to the insurance market.

Premiums and self-insured retentions

Double digit premium reductions were often available during H1 2024; however, this is not the default position and was influenced by several factors, particularly the existing premium level.

However, there were exceptions to these trends, with some insurers (including incumbents) walking away from business due to concerns regarding price adequacy, given compound year on year significant pricing reductions.

In terms of self-insured retentions, insurers are often willing to provide alternative lower options/structures, particularly where this mitigates the level of premium reduction (trading a lower retention for a more modest premium reduction).

Overall, the cyber insurance market during H1 2024 was a very favorable environment for buyers and meaning that now is an attractive time for new cyber insurance buyers to benefit from these conditions.

Policy coverage

Coverage for system failure as a loss trigger has come into sharp focus following the Microsoft/Crowdstrike event in July 2024, which Microsoft believes has affected 8.5 million devices globally, across a wide range of industries (banking, air travel, hospitals, supermarkets and many others).

Coverage for supply chain business interruption risk has remained a key area of focus for our clients during H1 2024, against a backdrop of such supply chain events continuing to surface in the public domain.

During H1 WTW had a new war exclusion approved by the Lloyd’s Market Association (LMA), which has provided a meaningful new option for our clients across the globe already, owing to its straightforward structure and language.

Claims and notifications

Given the unique nature of the CrowdStrike event on 21st July, where a company engaged by many organizations globally as part of their protections against hackers/malicious actors, inadvertently led to significant outages of these corporations IT environments, we would suggest reading the WTW client alert on the event.

This incident serves as a stark reminder that cyber risks can be mitigated but often not removed, underlining that risk treatment should go hand in hand with transferring the inevitable residual cyber risks a business faces.

The magnitude of such residual risks is underlined as CrowdStrike’s CEO has since been called to testify in front of Congress about the outage. With Congress stating "This incident must serve as a broader warning about the national security risks associated with network dependency” in its letter scheduling the hearing.

The CrowdStrike event follows hot on the heels of the Change Healthcare Ransomware Attack, which resulted in the delay of payments running into billions of dollars and widespread impact to care providers and patients across the United States.

Cyber and Directors’ and Officers’ risks intertwined?

In this rapidly evolving digital landscape, the intersection of cyber risks and the responsibilities of directors and officers has never been more critical. Our 2024 Cyber In Focus report, which collected responses from directors and risk managers in 52 countries around the world, delves into the nuances of cyber risk governance, incident response, and cyber insurance, offering insights to help businesses navigate this complex terrain.

This year’s report highlighted again that Cyber-attack and Data Loss remain high on the risk agenda for directors and officers having been identified as two of the top three facing their organizations.


Contacts


Head of Cyber & TMT Broking (UK) FINEX GB

Head of FINEX Cyber & Tech

Service

Cyber Insurance from WTW

More than half of all cyber incidents begin with employees, so it’s a people problem. And the average breach costs $4 million, so it’s a capital problem, too. No one decodes this complexity better than WTW.

Contact us