This is a half-year update of the GB cyber insurance market in H1 2024, providing analysis and insights for buyers and stakeholders, covering market trends, pricing, capacity, coverage, claims, and notable cyber incidents, and highlighting both a volatile cyber risk environment but also favourable conditions and opportunities for cyber insurance purchasers.
How to utilise these insights
Understanding market trends:
- Assess: Evaluate your current cyber insurance programs against the latest market conditions and risk landscape.
- Anticipate changes: Use premium, capacity and incident insights to inform your cyber insurance purchasing decisions.
Inform Strategic Decisions:
- Optimise purchase timing: Capitalise on the current buyer's market to purchase coverage or consider purchasing extra capacity, as cyber risk remains high
- Adjust coverage strategically: Consider how new offerings and enhancements may benefit your cyber insurance program.
- Enterprise risk considerations: Reflect on global Directors' & Officers' sentiment that cyber is a clear and present risk for those in the boardroom
Key observations from H1 include:
- 2 Systemic risk events: Change Healthcare (ransomware attack) a notable systemic event related to the supply chain occurred in addition to the July global technology outage attributed to CrowdStrike, highlighting the fragility of our interconnected IT systems (8.5million machines effected), with Airlines, banks, healthcare, and more being impacted
- Enhanced buying conditions: The quarter witnessed a continuation of exceptionally favourable conditions for purchasers. The cyber market saw very competitive rates and pricing, alongside a plethora of policy options being available when extracted by market leading broking teams
- Buoyant market capacity: Capacity availability remained very high, supporting ultra competitive market conditions, continuing the trend from the latter half of 2023.
- Significant pricing reductions: Clients commonly secured substantial pricing decreases, with double-digit reductions continuing to be the norm, echoing the trends observed in the second half of 2023.
- Expanded policy coverage: Coverage for risks such as supply chain business interruption was increasingly sought after by clients and has been increasingly available
- Flexible underwriting: Insurers demonstrated a greater readiness to provide quotes with less comprehensive underwriting information compared to previous years and even 2023.
Cyber insurance market trends
Cyber insurance market capacity
H1 2024 saw very strong competition from insurers to deploy capacity on both primary and excess layers, including in sectors that were historically less attractive to some insurers. This was good news for existing and new cyber insurance buyers, giving them a range of options to purchase new policy coverage and/or limits.
WTW's CyXS facility continues to serve new clients during H1. The CyXS facility is now able to offer limits of up to USD/GBP75m with the CyXS Restore (reinstatement) option continuing to be available as well as a new option for Cyber Property Damage cover.
WTW's CyCore facility for UK domiciled businesses has also seen significant volumes of new buyers in H1 2024, the highest since the facilities creation four years ago, demonstrating a keen demand from clients to capitalise on the combined benefits of the facility offering and attractive buying conditions to transfer this material risk to the insurance market.
Premiums and self-insured retentions
Double digit premium reductions were often available during H1 2024; however, this is not the default position and was influenced by several factors, particularly the existing premium level.
However, there were exceptions to these trends, with some insurers (including incumbents) walking away from business due to concerns regarding price adequacy, given compound year on year significant pricing reductions.
In terms of self-insured retentions, insurers are often willing to provide alternative lower options/structures, particularly where this mitigates the level of premium reduction (trading a lower retention for a more modest premium reduction).
H1 2024 saw very strong competition from insurers to deploy capacity on both primary and excess layers...
Overall, the cyber insurance market during H1 2024 was a very favorable environment for buyers and meaning that now is an attractive time for new cyber insurance buyers to benefit from these conditions.
Overall, the cyber insurance market during H1 2024 was a very favorable environment for buyers…
Policy coverage
Coverage for system failure as a loss trigger has come into sharp focus following the Microsoft/Crowdstrike event in July 2024, which Microsoft believes has affected 8.5 million devices globally, across a wide range of industries (banking, air travel, hospitals, supermarkets and many others).
Coverage for supply chain business interruption risk has remained a key area of focus for our clients during H1 2024, against a backdrop of such supply chain events continuing to surface in the public domain.
During H1 WTW had a new war exclusion approved by the Lloyd's Market Association (LMA), which has provided a meaningful new option for our clients across the globe already, owing to its straightforward structure and language.
Coverage for supply chain business interruption risk has remained a key area of focus for our clients during H1 2024
Claims and notifications
Given the unique nature of the CrowdStrike event on 21st July, where a company engaged by many organizations globally as part of their protections against hackers/malicious actors, inadvertently led to significant outages of these corporations IT environments, we would suggest reading the WTW client alert on the event.
This incident serves as a stark reminder that cyber risks can be mitigated but often not removed, underlining that risk treatment should go hand in hand with transferring the inevitable residual cyber risks a business faces.
The magnitude of such residual risks is underlined as CrowdStrike's CEO has since been called to testify in front of Congress about the outage. With Congress stating "This incident must serve as a broader warning about the national security risks associated with network dependency" in its letter scheduling the hearing.
The CrowdStrike event follows hot on the heels of the Change Healthcare Ransomware Attack, which resulted in the delay of payments running into billions of dollars and widespread impact to care providers and patients across the United States.
Cyber and Directors' and Officers' risks intertwined?
This year's report highlighted again that Cyber-attack and Data Loss remain high on the risk agenda for directors and officers having been identified as 2 of the top 3 facing their organizations.
In this rapidly evolving digital landscape, the intersection of cyber risks and the responsibilities of directors and officers has never been more critical. Our 2024 Cyber In Focus report, which collected responses from directors and risk managers in 52 countries around the world, delves into the nuances of cyber risk governance, incident response, and cyber insurance, offering insights to help businesses navigate this complex terrain.
This year's report highlighted again that Cyber-attack and Data Loss remain high on the risk agenda for directors and officers having been identified as two of the top three facing their organizations.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.