Acting quickly could be said to be insurers’ kryptonite – however, the supply and demand see-saw for cyber cover means insurers may need to embrace this discomfort

By Jon Guy

Insurers are set to come under increasing pressure to support clients as the threat of cyber crime increases.

Jon Guy

Jon Guy

A series of high profile incidents – such as September 2024’s Transport for London attack and July 2024’s ransomware event at Lancaster Royal Grammar School have left businesses clamouring for cover. This new demand is likely to test the market and its appetite.

New research from Bloomberg Intelligence, published this month (October 2024), found that insurer Beazley is predicting 18% compound annual growth for cyber cover between 2024 and 2030, while Hiscox, Axis Capital, Chubb and Munich Re are also seeing rising demand.

These findings come as figures from technology consultancy Cybersecurity Ventures found an estimated $8tr (£6tr) was lost globally to cyber crime in 2023, while Allianz has stated that cyber risk is the number one concern globally, alongside business interruption.

Kevin Ryan, senior insurance analyst at Bloomberg Intelligence, commented: “United Healthcare’s Change Healthcare medical billing processor, which links one third of Americans to health insurance payments, suffered a cyber attack in February, crippling the payments systems of a significant number of hospitals.

“The May [2024] attack on Ticketmaster compromising 560 million customer records is a further example of the unrelenting cyber crime challenge.”

Supply and demand

The demand from clients for cyber cover had impacted the balance between demand and supply.

Increased demand coupled with increased risks has put further pressure on premium rates. However, the rate of premium increases is beginning to slow.

It is often said that with risk comes opportunity and certainly, in the more established and mature insurance markets such as the UK and Europe, cyber is a class of business that offers the potential for tangible growth.

Ryan said: “Insurers have the infrastructure to work collaboratively with clients and provide services before and after malware incidents, thus minimising potentially negative outcomes.

“Cyber threats and infiltration techniques are moving to more sustained levels – known as ‘advanced persistent threats’ – away from quick, one-off acts.”

July 2024’s Crowdstrike incident gave the insurance market a sharp reminder that its fears of a systemic cyber event are not misplaced.

Because of this, industry-wide concerns remain over the lack of claims data, fast evolving cyber risks – such as the greater use of artificial intelligence – and the struggle to accurately define exposure levels.

It is rare that a new risk class can emerge relatively quickly and demand grow so rapidly. But speed is all too often something that insurers are uncomfortable with. They prefer a slow and secure development built on the back of cold, hard and reliable data.

Demand for cover is only set to increase for a risk that is becoming more concerning for businesses of all sizes. For insurers the question remains – just how much risk are they willing to take?