Key Predictions & Trends for the UK Cyber & Technology Insurance market for 2024
Key Predictions & Trends for the UK Cyber & Technology Insurance market for 2024
Key Predictions & Trends for the UK Cyber & Technology Insurance market for 2024
17 Jan 2024
2023 was a great year for Servca in the Cyber Insurance market. We established a fully-fledged product offering, opened 35+ new markets and exceeded our annual targets two-fold.
We also witnessed changes to the Cyber Insurance market itself as well as to the broader cyber threat landscape, which is ever changing and evolving as more and more businesses transition to a fully digital world of commerce.
Unfortunately over a third of large businesses have suffered a cyber-attack in the past year and with the rise of Artificial Intelligence (AI), Machine Learning and volatile political situations in areas such as the Middle East, cyber risk has grown exponentially and remains a major exposure for businesses across all sectors.[1].
As with the cyber threat landscape, the Cyber Insurance market continues to evolve so what trends do we predict for the coming year?
Rate stabilisation
Over the past year we have seen pricing on cyber insurance decline. This could be a result of increased capacity along with the higher levels of competition across SME and Mid-Markets.
According to Reuters, Cyber Insurance rates dropped around 10% by Q2 2023 and could be seen as a result of a correction of hikes in previous years post COVID[2].
However, according to Munich Re and S&P these rates will look to stabilise over 2024 and 2025 with a slight increase in rating across the next two years[3].
Innovative underwriting
In 2023, we saw “inside out” underwriting taking main stage with vulnerability scanning of domains and the like forming the main basis of risk underwriting. Whilst there is always a place for face-to-face broking and manual submissions, underwriters will continue to develop new methods in understanding insured profiles.Over the next 12 months, I anticipate an increase in the thoroughness of vulnerability scans. Additionally, I expect a wider incorporation of AI in influencing underwriting decisions, and underwriters to become more stringent in their expectations concerning the cybersecurity processes of insured clients.
New entrants
Looking back we have also seen many new entrants into the cyber market via new MGAs and North American insurers looking to break into the UK Market. With additions such as Coalition, Cowbell, and Onda to name a few, brokers have had many more open market opportunities to place business.
The increase in competition has allowed insurers to become a lot more flexible in respect of premium and coverage which bodes well for the wants and needs of the insured.
As we move into 2024, I see this trend continuing with further new entrants in the market in the form of MGAs and the increased number of Delegated Authority products available.
Cyber security requirements
Insurer’s appetites are continuing to evolve, not only in terms of the trades they write, limits and premiums, but also the requirements on insured clients to maintain high level risk management processes and “cyber hygiene”.
With the increasing sophistication of cyber attacks I see it becoming mandatory for the insured client to maintain, multi-factor authentication (MFA), privileged access management (PAM), endpoint detection and response (EDR) and virtual private networks (VPN). As requirements increase it becomes extremely important for the broker client to be diligently aware of policy clauses and clearly communicate terms to the insured client.
Regulatory requirements
In October 2021 the Solicitors Regulation Authority (SRA) amended their minimum terms and conditions for Solicitor’s PI cover to require insurers to clearly state that cyber exposures are not covered by Professional Indemnity policies. Emphasising the significant exposure cyber poses to businesses.
In 2022 and 2023, anecdotally, I’ve seen a large increase in clients across industries mandating contracts which require Cyber Insurance to be able to work with their respective partners.
Over the course of 2024, I can see this trend continuing, requiring PI & Liability insurances to be accompanied by a Cyber policy. I also anticipate that other regulatory bodies akin to the SRA will require their members to hold Cyber Insurance or further highlight the risk of not having such cover in place.
Resurgence of phishing
Ransomware is continually in the spotlight when it comes to cyber risk and whilst it remains a large exposure for those transacting in the digital world, I want to highlight the potential resurgence of phishing scams going into 2024.
With the increasing sophistication of online tools that assist with “Consent Phishing” and “Helpdesk Phishing”, the rise of AI image and text generation to improve brand personalisation, phishing scams will become even more realistic and be a threat to even the most cyber savvy individuals.
Education & awareness
As we continue to transact business in a modern digital environment, more of our colleagues and staff have become aware of the potential risks involved conducting business online. Corporations provide cyber education through seminars and webinar along with simulated phishing attacks and tests for their staff. However, human error remains one of the main reasons for cyber-attacks.
I expect the education piece to become a more prominent part of underwriting, where simulated phishing attacks, educational seminars and cyber awareness training start to become a mandatory risk management feature required by insurers. I also anticipate business and regulatory bodies requiring cyber training as part of CPD requirements of their members.
Conclusion
The landscape of Cyber and Technology Insurance is poised for dynamic shifts in 2024 and beyond. As the industry witnesses rate stabilisation, innovative underwriting practices continue to develop, and an influx of new entrants, the focus on cybersecurity requirements will continue to increase from a regulators and insurers. The vital role of education and awareness in mitigating risks will not only be best practice for business but underpin their policy and it’s essential that they are covered by in-house cyber risk processes.
Despite the unpredictability of digital and global environments, one constant remains—the imperative need for Cyber Insurance in safeguarding businesses. As we navigate the complex cyber terrain, embracing these trends and proactively addressing emerging threats becomes paramount for ensuring a resilient and secure digital future.
We also witnessed changes to the Cyber Insurance market itself as well as to the broader cyber threat landscape, which is ever changing and evolving as more and more businesses transition to a fully digital world of commerce.
Unfortunately over a third of large businesses have suffered a cyber-attack in the past year and with the rise of Artificial Intelligence (AI), Machine Learning and volatile political situations in areas such as the Middle East, cyber risk has grown exponentially and remains a major exposure for businesses across all sectors.[1].
As with the cyber threat landscape, the Cyber Insurance market continues to evolve so what trends do we predict for the coming year?
Rate stabilisation
Over the past year we have seen pricing on cyber insurance decline. This could be a result of increased capacity along with the higher levels of competition across SME and Mid-Markets.
According to Reuters, Cyber Insurance rates dropped around 10% by Q2 2023 and could be seen as a result of a correction of hikes in previous years post COVID[2].
However, according to Munich Re and S&P these rates will look to stabilise over 2024 and 2025 with a slight increase in rating across the next two years[3].
Innovative underwriting
In 2023, we saw “inside out” underwriting taking main stage with vulnerability scanning of domains and the like forming the main basis of risk underwriting. Whilst there is always a place for face-to-face broking and manual submissions, underwriters will continue to develop new methods in understanding insured profiles.Over the next 12 months, I anticipate an increase in the thoroughness of vulnerability scans. Additionally, I expect a wider incorporation of AI in influencing underwriting decisions, and underwriters to become more stringent in their expectations concerning the cybersecurity processes of insured clients.
New entrants
Looking back we have also seen many new entrants into the cyber market via new MGAs and North American insurers looking to break into the UK Market. With additions such as Coalition, Cowbell, and Onda to name a few, brokers have had many more open market opportunities to place business.
The increase in competition has allowed insurers to become a lot more flexible in respect of premium and coverage which bodes well for the wants and needs of the insured.
As we move into 2024, I see this trend continuing with further new entrants in the market in the form of MGAs and the increased number of Delegated Authority products available.
Cyber security requirements
Insurer’s appetites are continuing to evolve, not only in terms of the trades they write, limits and premiums, but also the requirements on insured clients to maintain high level risk management processes and “cyber hygiene”.
With the increasing sophistication of cyber attacks I see it becoming mandatory for the insured client to maintain, multi-factor authentication (MFA), privileged access management (PAM), endpoint detection and response (EDR) and virtual private networks (VPN). As requirements increase it becomes extremely important for the broker client to be diligently aware of policy clauses and clearly communicate terms to the insured client.
Regulatory requirements
In October 2021 the Solicitors Regulation Authority (SRA) amended their minimum terms and conditions for Solicitor’s PI cover to require insurers to clearly state that cyber exposures are not covered by Professional Indemnity policies. Emphasising the significant exposure cyber poses to businesses.
In 2022 and 2023, anecdotally, I’ve seen a large increase in clients across industries mandating contracts which require Cyber Insurance to be able to work with their respective partners.
Over the course of 2024, I can see this trend continuing, requiring PI & Liability insurances to be accompanied by a Cyber policy. I also anticipate that other regulatory bodies akin to the SRA will require their members to hold Cyber Insurance or further highlight the risk of not having such cover in place.
Resurgence of phishing
Ransomware is continually in the spotlight when it comes to cyber risk and whilst it remains a large exposure for those transacting in the digital world, I want to highlight the potential resurgence of phishing scams going into 2024.
With the increasing sophistication of online tools that assist with “Consent Phishing” and “Helpdesk Phishing”, the rise of AI image and text generation to improve brand personalisation, phishing scams will become even more realistic and be a threat to even the most cyber savvy individuals.
Education & awareness
As we continue to transact business in a modern digital environment, more of our colleagues and staff have become aware of the potential risks involved conducting business online. Corporations provide cyber education through seminars and webinar along with simulated phishing attacks and tests for their staff. However, human error remains one of the main reasons for cyber-attacks.
I expect the education piece to become a more prominent part of underwriting, where simulated phishing attacks, educational seminars and cyber awareness training start to become a mandatory risk management feature required by insurers. I also anticipate business and regulatory bodies requiring cyber training as part of CPD requirements of their members.
Conclusion
The landscape of Cyber and Technology Insurance is poised for dynamic shifts in 2024 and beyond. As the industry witnesses rate stabilisation, innovative underwriting practices continue to develop, and an influx of new entrants, the focus on cybersecurity requirements will continue to increase from a regulators and insurers. The vital role of education and awareness in mitigating risks will not only be best practice for business but underpin their policy and it’s essential that they are covered by in-house cyber risk processes.
Despite the unpredictability of digital and global environments, one constant remains—the imperative need for Cyber Insurance in safeguarding businesses. As we navigate the complex cyber terrain, embracing these trends and proactively addressing emerging threats becomes paramount for ensuring a resilient and secure digital future.
Global Headquarters
Servca Group
Dukes House
32-38 Dukes Place
5th Floor
London, EC3A 7LP
United Kingdom
+44 (0) 207 2250000
info@servca.com
Broker at Lloyd’s SLM1389
European Office
Servca Europe
Dragonara Business Centre
Dragonara Road
5th Floor
St Julian’s, STJ 3141
Republic of Malta
eu@servca.com
Broker at Lloyd’s (Brussels) SLM1883
Canadian Office
Servca Canada Insurance Group Inc
40 King Street West
Suite 2100
Toronto
M5H 3C2
Canada
canada@servca.com
Non-regulated servicing company
Northern Ireland
Servca Northern Ireland
River House Belfast
48-60 High Street
Belfast
BT1 2BE
+44 (0) 2895582000
ni@servca.com
Broker at Lloyd’s SLM1389
© 2024 Servca
Servca Group Ltd is a private limited company registered in England and Wales; Registered Number: 7727494; Registered Office: Dukes House, 32-38 Dukes Place, 5th Floor, London, EC3A 7LP, United Kingdom. Authorised and regulated by the Financial Conduct Authority. Servca European Insurance Brokers Ltd (a private limited company incorporated in Malta and enrolled to act as an insurance broker); Tower Business Centre, Level 3, Tower Street, Swatar, BKR, 4013, Republic of Malta. Servca Canada Insurance Group Inc, a private limited company incorporated at 40 King Street West, Suite 2100, Toronto, M5H 3C2, Canada. Servca group of companies are owned and operated by Servca Group Holdings Ltd, a private limited company registered in England & Wales.
Global Headquarters
Servca Group
Dukes House
32-38 Dukes Place
5th Floor
London, EC3A 7LP
United Kingdom
+44 (0) 207 2250000
info@servca.com
Broker at Lloyd’s SLM1389
European Office
Servca Europe
Dragonara Business Centre
Dragonara Road
5th Floor
St Julian’s, STJ 3141
Republic of Malta
eu@servca.com
Broker at Lloyd’s (Brussels) SLM1883
Canadian Office
Servca Canada Insurance Group Inc
40 King Street West
Suite 2100
Toronto
M5H 3C2
Canada
canada@servca.com
Non-regulated servicing company
Northern Ireland
Servca Northern Ireland
River House Belfast
48-60 High Street
Belfast
BT1 2BE
+44 (0) 2895582000
ni@servca.com
Broker at Lloyd’s SLM1389
© 2024 Servca
Servca Group Ltd is a private limited company registered in England and Wales; Registered Number: 7727494; Registered Office: Dukes House, 32-38 Dukes Place, 5th Floor, London, EC3A 7LP, United Kingdom. Authorised and regulated by the Financial Conduct Authority. Servca European Insurance Brokers Ltd (a private limited company incorporated in Malta and enrolled to act as an insurance broker); Tower Business Centre, Level 3, Tower Street, Swatar, BKR, 4013, Republic of Malta. Servca Canada Insurance Group Inc, a private limited company incorporated at 40 King Street West, Suite 2100, Toronto, M5H 3C2, Canada. Servca group of companies are owned and operated by Servca Group Holdings Ltd, a private limited company registered in England & Wales.
Global Headquarters
Servca Group
Dukes House
32-38 Dukes Place
5th Floor
London, EC3A 7LP
United Kingdom
+44 (0) 207 2250000
info@servca.com
Broker at Lloyd’s SLM1389
European Office
Servca Europe
Dragonara Business Centre
Dragonara Road
5th Floor
St Julian’s, STJ 3141
Republic of Malta
eu@servca.com
Broker at Lloyd’s (Brussels) SLM1883
Canadian Office
Servca Canada Insurance Group Inc
40 King Street West
Suite 2100
Toronto
M5H 3C2
Canada
canada@servca.com
Non-regulated servicing company
Northern Ireland
Servca Northern Ireland
River House Belfast
48-60 High Street
Belfast
BT1 2BE
+44 (0) 2895582000
ni@servca.com
Broker at Lloyd’s SLM1389
© 2024 Servca
Servca Group Ltd is a private limited company registered in England and Wales; Registered Number: 7727494; Registered Office: Dukes House, 32-38 Dukes Place, 5th Floor, London, EC3A 7LP, United Kingdom. Authorised and regulated by the Financial Conduct Authority. Servca European Insurance Brokers Ltd (a private limited company incorporated in Malta and enrolled to act as an insurance broker); Tower Business Centre, Level 3, Tower Street, Swatar, BKR, 4013, Republic of Malta. Servca Canada Insurance Group Inc, a private limited company incorporated at 40 King Street West, Suite 2100, Toronto, M5H 3C2, Canada. Servca group of companies are owned and operated by Servca Group Holdings Ltd, a private limited company registered in England & Wales.