The leading insurer said there is evidence that the average cost of cyber insurance is falling, with year-over-year changes in premiums showing a sustained decline since the start of 2023. New reports Insurance broker Howden said the correction in a market which has historically seen premiums remain high amid a global ransomware epidemic was due to stronger cybersecurity across the private sector.
“Despite the still-high number of ransomware incidents, global geopolitical instability and growing concerns about how cybercriminals will exploit generative AI, the positive trends continue into 2024,” said Sarah Neild, head of UK cyber retail at Howden. “The current situation, combining rising threats with a stable insurance market underpinned by robust risk management, is one the market has never seen before. The foundations are now in place for a mature cyber market with innovation and exposure-led growth at its core.”
Cyber insurance market shows signs of maturity
Cyber has proven to be a tricky market for insurers in recent years, as they struggle to help businesses protect themselves against the threat of hacking without incurring huge costs. This challenge has typically been solved in one of two ways: by raising premiums or imposing stricter cybersecurity postures on customers to reduce the risk of a breach occurring in the first place.
The private sector appears to be doing the latter on its own, without encouragement from insurers. Ransomware incidents are 18% more frequent than they will be in 2023, but fewer companies are paying ransoms to cybercriminals, “mainly due to more efficient risk management,” Howden said. CISOs are also increasingly using generative AI to track new threats against their companies, with 22% reporting to Howden that they started doing so this year.
Premiums are also being reduced due to a general expansion of the market from large to smaller businesses. This trend is also reflected geographically, with Howden predicting that half of premium growth will occur outside the US by the end of the decade. “In the major European economies of Germany, France, Italy and Spain alone, premiums could rise by around €700 million just to replicate the penetration levels achieved in more mature markets,” the firm said.
Systemic cyber risks remain a major threat
Still, concerns about systemic cyber risk remain in some markets. For example, a growing number of financial institutions have warned that a breach at a popular third-party software provider could have devastating consequences for the banking industry. But Howden said recent data shows that the indirect costs of cleaning up such breaches are far less than those borne by companies directly affected by such attacks.
Howden said that this is not to say cyber insurers or their clients should ignore the risk of such incidents, particularly so-called “cornerstone attacks” against common operating systems such as Linux and Windows. “Nation-state actors, as well as some criminal groups, are known to be investing significant amounts of money in developing these types of widespread breaches,” he said. “While the likelihood of such an incident remains low, it would require a cascade of unfortunate events and the impact could be devastating.”