This is a half-year update on the GB cyber insurance market in H2 2024, providing analysis and insights for buyers and stakeholders. It covers market trends, pricing, capacity, coverage, claims, and notable cyber incidents, highlighting a turbulent cyber risk environment counterbalanced by very favourable buying conditions for cyber insurance.
The inflow of capital into the cyber insurance market continued throughout H2 2024. October saw Beazley launch their new Quantum consortium,[5] offering up to USD100m of cyber capacity. Beazley followed this up later in October with another consortium named Flex, which allows them to combine civil liability, crime/fraud and cyber cover for financial institutions into one single policy with capacity of up to €50M/USD50M.[6]
Beazley’s new offerings add to existing cyber consortia such as Brit cyber attack plus (BCAP),[7] Brit First 50[8] and Munich Re stream, the latter of which offers up to USD215m of capacity.[9]
H2 2024 saw very strong competition from insurers across the cyber market. This was good news for existing and new cyber insurance buyers, giving them a range of options to purchase new policy coverage and/or limits from a marketplace with strong and persistent competitive tension.
As capacity has flowed into the cyber insurance market consistently over the past 3 years, it feels safe to predict that capacity will remain plentiful in 2025.
Given the scale of available capacity we expect 2025 to generate as much competition across the marketplace as was witnessed in 2024, with the aforementioned Quantum, First50 and Flex consortiums only adding further competitive tension.
Due to the number of participants active in the cyber market, only insurers who have the most compelling propositions are likely to differentiate themselves in comparison to those who are more akin to a commodity proposition.
Double-digit premium reductions were often available during H2 2024, with a number of clients achieving reductions in both H2 2023 and H2 2024.
However, there were exceptions to these trends, with some insurers walking away from business due to concerns regarding price adequacy, given significant compound year-on-year pricing reductions.
In terms of self-insured retentions, insurers are often willing to provide alternative lower options/structures, particularly where this mitigates the level of premium reduction (trading a lower retention for a more modest premium reduction).
Overall, the cyber insurance market during H2 2024 was a very favourable environment for buyers.
Further premium reductions are expected in 2025 due to the over-arching ‘soft’ market conditions and early signs pointing to soft reinsurance renewal conditions for insurers renewing their own programmes on 1st January 2025.
However, given the compound pricing reductions in recent years, we do expect that insurers will do all they can to counter such further downward pressure, citing the volume and increasing value of claims.
As insurers' interest will most commonly be the status quo, the role of the cyber broker in achieving the best outcome for a client will be critical in 2025.
Coverage for supply chain business interruption risk has remained a key area of focus for clients throughout 2024, against a backdrop of such supply chain events continuing to surface in the public domain, such as the Change Healthcare ransomware attack,[10] the Microsoft/CrowdStrike system failure event[11] and the CDX ransomware incident.[12]
Due to the realities of global interconnectivity / often invisible supply-chain bottlenecks, it is unsurprising that cyber buyers have sought broader coverage to transfer such risk, as the ability to meaningfully manage exposure to it is very limited.
Systemic and supply chain risks look set to remain firmly intertwined in 2025; as a result, we expect the demand for coverage against such risks to be higher than ever this year. Due to the exposure this presents for insurers, there will be a strong push from the likes of major reinsurers to obtain more consistent underwriting metrics in order to further model portfolio-wide exposure.
The challenges connected to these exposures appear to be front of mind for executives, with Chubb’s 2025 report Risk Decisions 360°: Emerging Risks That Can Impede Sustainable Company Growth[13] noting that over 89% of executives (from the 500 surveyed) plan to expand their cyber insurance coverage to address the increasing threat of technological vulnerabilities. Those executives acknowledge the challenge of effectively managing the breadth of emerging and evolving risks, with more than one-third believing that their company isn't either extremely or very effective at mitigating risk.
In September, further details regarding the largest cyber ransom paid to date were reported publicly, with hacking group Dark Angels being paid $75m by a major US drug distributor. The initial ransom demand was reported as $150m.
Reportedly the Dark Angels group employs a highly targeted approach, typically attacking a single large company at a time, such as in 2023, when they demanded $51 million after exploiting international conglomerate Johnson Controls.[14]
H2 brought another supply chain cyber attack, this time involving enterprise software developer Cleo, with ransomware gang Cl0p exploiting vulnerabilities affecting the Harmony, VLTrader, and LexiCom file transfer tools. As Cleo has in excess of 4,000 clients, the ripple effect of such attacks appears to be significant.[15]
In August, a US background check firm (National Public Data) confirmed, after months of confusion, that it had suffered a data breach (at the hands of hacking group USDoD), resulting in a number of class-action lawsuits against it. Ultimately its parent company Jerico Pictures filed for bankruptcy on 2nd October 2024.[16]
As 2024 demonstrated, the connection between global connectivity/supply chains and systemic risk is not going anywhere, and when things go wrong the impact has been and will be huge, such as the 8.5m Windows machines across the globe that were impaired on 19th July 2024 when CrowdStrike suffered its outage.
If 2025 delivers even one such event that lasts more than a few hours this time (such as the same incident but perpetrated by a ransomware gang), the impact on enterprises across the globe could be huge, just as the Cleo supply chain incident may well be for many of their 4,000 clients. That would leave C-suite executives to justify their understanding of such exposures and, as a result, why they transferred as much or as little (or none) of this risk to such a buyer-friendly cyber insurance market.