Our latest GB cyber market update highlights market trends, pricing, capacity, coverage, claims, and notable incidents in H2 2024.
This is a half-year update of the GB cyber insurance market in H2 2024, providing analysis and insights for buyers and stakeholders, covering market trends, pricing, capacity, coverage, claims, and notable cyber incidents, highlighting both a turbulent cyber risk environment, counterbalanced with very favourable buying conditions for cyber insurance.
How to utilise these insights
01
Understanding market trends
Assess: Evaluate your current cyber insurance programmes against the latest market conditions and risk environment
Anticipate changes: Use premium, capacity and incident insights to inform your cyber insurance purchasing decisions
02
Inform strategic decisions
Optimise purchase timing: Capitalise on the current buyer's market to purchase coverage or consider purchasing extra capacity, as cyber risk exposure remains very dynamic
Enhance coverage strategically: Consider how new offerings and enhancements may benefit your cyber insurance programme
Enterprise risk considerations: decisions concerning the treatment and transfer of cyber risk remains a C-Suite enterprise-level risk for boardrooms across the globe, with many planning to add cyber coverage in 2025 (according to a survey of 500 risk decision making business leaders)1
03
Key observations from H2 include
Largest ransom payment in history: Extortionists demanded $150m from drug distributors, ultimately securing a whopping $75m2
More supply chain attacks: 4,000 clients of enterprise software developer may be impacted by cyber attack in Q4 20243
Significant pricing reductions: Clients commonly secured substantial pricing decreases, with double-digit reductions continuing to be the norm
Enhanced buying conditions: H2 witnessed a continuation of exceptionally favourable conditions, precipitating very competitive rates and pricing, alongside a plethora of policy options being available, when brokers utilise available market leverage
Buoyant market capacity: Capacity availability remained very high, supporting ultra- competitive market conditions, continuing the trend prevalent since the latter half of 2023
Expanded policy coverage: Coverage for risks such as supply chain business interruption was increasingly sought after by clients following several 2024 incidents of this nature, such as a that on CDK, a software firm that 15,000 US car dealerships rely on4
Flexible underwriting: Insurers demonstrated a greater readiness to provide quotes based on concise underwriting information, focusing on the most critical pieces of information.
Cyber insurance market capacity
Looking back over H2 2024
The inflow of capital into the cyber insurance market continued throughout H2 2024. October saw Beazley launch their new Quantum consortium,5 offering up to USD100m of cyber capacity. Beazley followed this up later in October with another consortium named Flex, which allows them to combine civil liability, crime/fraud and cyber cover for financial institutions into one single policy with capacity of up to €50M/USD50M.6
Beazley's new offerings add to existing cyber consortia such as Brit cyber attack plus (BCAP),7 Brit First 508 and Munich Re stream, the latter of which offers up to USD215m of capacity.9
H2 2024 saw very strong competition from insurers across the cyber market. This was good news for existing and new cyber insurance buyers, giving them a range of options to purchase new policy coverage and/or limits from a marketplace with strong and persistent competitive tension.
2025 Expectations
As capacity has flowed into the cyber insurance market consistently over the past 3 years it feels safe to predict that capacity will remain plentiful in 2025.
Given the scale of available capacity we expect 2025 to generate as much competition across the marketplace as was witnessed in 2024, with the aforementioned Quantum, First50 and Flex consortiums only adding further competitive tension.
Due to the number of participants active in the cyber market, only insurers who have the most compelling propositions are likely to differentiate themselves in comparison to those who are more akin to a commodity proposition.
Premiums and self-insured retentions
Looking back over H2 2024
Double digit premium reductions were often available during H2 2024; with a number of clients achieving reductions in both H2 2023, and H2 2024.
However, there were exceptions to these trends, with some insurers walking away from business due to concerns regarding price adequacy, given compound year on year significant pricing reductions.
In terms of self-insured retentions, insurers are often willing to provide alternative lower options/structures, particularly where this mitigates the level of premium reduction (trading a lower retention for a more modest premium reduction).
Overall, the cyber insurance market during H2 2024 was a very favourable environment for buyers.
2025 Expectations
Further premium reductions are expected in 2025 due to the over-arching 'soft' market conditions and that early signs point to soft reinsurance renewal conditions for insurers renewing their own programmes on 1st January 2025.
However, given the compound pricing reductions in recent years we do expect that insurers will do all they can to counter such further downward pressure, citing the volume of and increasing value of claims.
As insurers interest will most commonly be the status quo, the role of the cyber broker to achieve the best outcome for a client will be critical in 2025.
Policy coverage
Looking back over H2 2024
Coverage for supply chain business interruption risk has remained a key area of focus for clients throughout 2024, against a backdrop such supply chain events continuing to surface in the public domain, such as Change Healthcare ransomware attack10, Mircosoft/Crowdstrike system failure event11 and CDX ransomware incident.12
Due to the realities of global interconnectivity / often invisible supply-chain bottlenecks, it is unsurprising that cyber buyers have sought broader coverage to transfer such risk, as the ability to meaningfully manage exposure to it is very limited.
It is unsurprising that cyber buyers have sought broader coverage to transfer risk, as the ability to meaningfully manage exposure to it is very limited.
2025 Expectations
Systemic and supply chain risks look set to remain firmly intertwined in 2025, as a result we expect the demand for coverage against such risks to be higher than ever this year. Due to the exposure this presents for insurers, there will be a strong push from the likes of major reinsurers to obtain more consistent underwriting metrics in to further model portfolio-wide exposure.
89%Plan to expand their cyber insurance coverage
The challenges connected to these exposures appear to be front of mind for executives, with Chubb's 2025 report Risk Decisions 360°: Emerging Risks That Can Impede Sustainable Company Growth13 noting that Over 89% of executives (from the 500 surveyed) plan to expand their cyber insurance coverage to address the increasing threat of technological vulnerabilities. Those executives acknowledge the challenge of effectively managing the breadth of emerging and evolving risks, with more than one-third believing that their company isn't either extremely or very effective at mitigating risk.
Claims and notifications
Looking back over H2 2024
In September further details regarding the largest cyber ransom paid to date were reported publicly, with hacking group dark angels being paid $75m by a major US drug distributor. The initial ransom demand was reported as $150m.
Reportedly the Dark Angels group employs a highly targeted approach, typically attacking a single large company at a time, such as in 2023, when they demanded $51 million after exploiting international conglomerate Johnson Controls.14
H2 brought another supply chain cyber attack, with enterprise software developer Cleo, with ransomware gang Cl0p exploiting vulnerabilities affecting the Harmony, VLTrader, and LexiCom file transfer tools. As Cleo has in excess of 4,000 clients the ripple-effect of such attacks appears to be significant.15
In August a US background check firm (National Public Data) confirmed after months of confusion it had suffered a data breach (at the hands of hacking group USDoD), resulting in a number of class-action lawsuits against it. Ultimately its parent company Jerico Pictures filed for bankruptcy on 2nd October 2024.16
2025 Expectations
The connection between global connectivity/supply chains and systemic risk is not going anywhere as 2024 demonstrated, and when things went wrong the impact has been and will be huge, such as the 8.5m windows machines across the globe that were impaired on 19th July 2024 when CrowdStrike suffered its outage.
If 2025 delivers even one such event that lasts more than a few hour this time (such as the same incident but perpetrated by a ransomware gang), the impact enterprises across the globe could be huge, just as the Cleo supply chain incident may well be for many of their 4,000 clients, leaving C-suite executives to justify their understanding of such exposures, and as a result why they transferred as much or little (or none) of this risk to such a buyer friendly cyber insurance market.
Footnotes
2 The block.
3 RansomwareCl0p Ransomware Group to Name Over 60 Victims of Cleo Attack.
4 How did the auto dealer outage end? CDK almost certainly paid a $25 million ransom.
5 Beazley launches new combined cyber and financial institutions consortium.
6 Beazley adds to its cyber capabilities with launch of 'Beazley Quantum'.
8 Brit launches Brit Cyber First50 to expedite placement of large cyber risks.
10 Change Healthcare Ransomware Attack: Data Review "Substantially Complete".
12 CDK Ransomware Attack Highlights Growing Threat Of Third-Party Risk: Experts.
13 News Releases.
15 Cl0p Ransomware Group to Name Over 60 Victims of Cleo Attack.
16 Cl0p National Public Data files for bankruptcy, admits 'hundreds of millions' potentially affected.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
