Executive summary

This update is a general overview of the key developments in the GB cyber insurance market; we will analyse the current conditions for WTW clients both international and UK based companies using the London insurance market to transfer risk.

During the second half of 2023, the GB cyber insurance market was generally a buyer's market in most revenue and industry segments, in particular:

  • Very favourable buying conditions throughout H2, particularly in Q4. Most segments of the cyber market benefited from notably improved rates, pricing, and number of options available.
  • Large amounts of capacity persisted in H2, fuelling very competitive market conditions.
  • Clients frequently achieved significant pricing reductions, with reductions of 15-40% becoming commonplace.
  • Policy retentions/excesses were generally stable, but insurers showed increased willingness to offer alternative retention options, often in exchange to mitigate pricing reductions.
  • Policy coverage, particularly in respect of systemic risk (war and infrastructure exclusions in particular) remains a hot topic & insurers increasingly willing to grant coverage extensions such as for supply chain business interruption risk.
  • Insurers showed more willingness to offer quotations with less granular underwriting information than in recent years.
  • Global insurer Allianz notes increase in ransomware frequency in excess of 50% during 2023.

Cyber insurance market capacity

Looking back over H2 2023

H2 2023 saw very strong competition from insurers to deploy capacity on both primary and excess layers. Such market conditions have provided existing cyber insurance buyers with a range of options to purchase increased policy limits.

USD10m remains a common average amount of capacity offered per insurer, with some insurers now offering limits/capacity in excess of USD10m. These themes have remained consistent throughout 2023.

WTW's CyXS facility continues to serve an increasing number of clients seeking increased limits and in-built unique features, such as the Restore, reinstatement of limit, option.

2024 Expectations

We expect capacity levels to remain high as insurers seek continued growth.

Further new primary options will be present in 2024, particularly from within the existing the pool of insurers currently writing predominantly excess layer business who are seeking to add primary business to their cyber portfolios.

We expect to see the average limits purchased on the WTW CyXS facility to grow as awareness of the multiple benefits of the product are further digested. The CyXS Restore (reinstatement) option was utilised by a number of our clients and we expect this trend to continue and to expand.

Premiums and self-insured retentions

Looking back over H2 2023

Premium reductions of around 10-40% were often available during H2 2023, however this is not the default position and was influenced by a number of factors, particularly the existing premium level.


Premium reduction often available in H2 2023

There were exceptions to the trends outlined above, such as placements where risk controls were perceived as insufficient, there has been claims activity, or where the current pricing was considered to be inadequate.

In terms of self-insured retentions, insurers have generally been willing to provide alternative lower options/structures, particularly where this mitigates the level of premium reduction (trading a lower retention for a more modest premium reduction).

2024 Expectations

As the 2023 market conditions changed materially quarter by quarter, we expect this to be reflected in average pricing movements in each quarter. For example, as Q1 2023 was the least competitive quarter of 2023 (premium levels being the highest in 2023) we expect placements in Q1 2024 to benefit from the largest percentage discount (maintaining the common 10-40% range of Q4 2023).

We expect pricing movements to vary by quarter for the reasons inferred above, and that in Q3-Q4 2024 we will see flat year-on-year pricing, and even increases will be experienced on some placements.

Global cyber insurer CFC have this month commented that:

Despite relatively abundant capacity available in the market, the claims environment should be sufficient to stop the significant downward pressure on pricing that we saw towards the end of last year.

Regarding self-insured retentions, we expect continued stability and options for clients in this respect, particularly in H1 2024 where competition for primary business is likely to be high.

Policy coverage

Looking back over H2 2023

The hot topic during all of 2023 has been the war exclusion and this has remained red hot in H2 2023.

During H2 Lloyd's made it clear to its syndicates that in 2024, there will be a strong link between each syndicates level of maturity in respect of non-natural catastrophe exposure management and their ability to offer certain categories (set-out by Lloyd's) of war exclusion.

WTW's Global Head of Cyber Coverage Andrew Hill authored the report 'War exclusions in cyber policies; the important details', this provides a helpful overview of the 2023 war exclusion dynamics addressing the controversies, and the WTW war exclusion.

In addition to the war exclusion, H2 2023 was a good time to seek coverage expansion options, in particular for a cyber incident impacting a company's key third party providers which then causes a direct business interruption impact for that company.

2024 Expectations

Due to the variables of reinsurance renewals and the mandate Lloyd's has given its syndicates in respect of modelling and managing their exposure, we expect there to be continued evolution of the war exclusion options on offer and to the purchasing habits concerning the same.

We anticipate that given these variables and their impact on insurers, its foreseeable that certain war exclusion clauses may come at a higher cost than others.

Demand for supply chain coverage is likely to remain high given that such risks have been highlighted by the 2023 Capita ransomware incident that impacted client services (outsourcing services), provided to public and private sector businesses1

Claims and notifications

Looking back over H2 2023

Several high-profile incidents occurred in H2 20232, such as:

  • MGM Resorts cyberattack (filings suggest losses of in excess of USD100m).
  • UK Electoral Commission (40,000,000 people exposed) – public notification August 2023.
  • 23andMe Data Leek – genetic testing company disclosed potentially millions of its customers data had been exposed.
  • DarkBeam – potentially 3.8 billion records exposed due to cyber security company leaving aninterface open

2024 Expectations

CFC's John Sinclair commented this month that:

We expect ransomware and extortion to continue to be the biggest source of claims in the large corporate space. The economic incentives for threat actors are such that we do not see this activity diminishing.

We expect ransomware and extortion to continue to be the biggest source of claims in the large corporate space. The economic incentives for threat actors are such that we do not see this activity diminishing.

In light of this, brokers and risk managers should expect to see the market continue to enforce minimum security standards with a greater focus on supply chain due diligence given the preponderance of attacks against software suppliers3

Given the scale, nature and severity of incidents witnessed throughout 2023, the current geopolitical landscape and the economic incentive for bad actors that Sinclair cites, it feels hard to argue with his predictions.

Insurance buyer sentiment appears to agree as global insurer Allianz notes in its 2024 Risk Barometer4 that "Cyber incidents (36% of overall responses) rank as the most important risk globally for the third year in a row – for the first time by a clear margin (5% points)" and that "Cyber incidents such as ransomware attacks, data breaches, and IT disruptions are the biggest worry for companies globally in 2024".


1. Kelion, L. (2023) 'Capita fined £1.1m for data breach that exposed staff details', BBC News, 15 December. Available at: Colchester City Council investigating Capita over 'serious data breach' Return to article undo

2. BCS (2023) 'The biggest cyber attacks of 2023', 29 December. Available at: The biggest cyber attacks of 2023 Return to article undo

3. CIR Magazine (2024) 'CFC comments on Allianz Risk Barometer 2024', 17 January. Available at: 2024 Predictions: Four key trends in large corporate cyber Return to article undo

4. Allianz (2024) 'Allianz Risk Barometer 2024: Business interruption, cyber incidents and pandemic outbreak top risks for companies in 2024', 16 January. Available at: Allianz Risk Barometer 2024 Return to article undo

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.