January 17, 2024
We also witnessed changes to the Cyber Insurance market itself as well as to the broader cyber threat landscape, which is ever changing and evolving as more and more businesses transition to a fully digital world of commerce.
Unfortunately over a third of large businesses have suffered a cyber-attack in the past year and with the rise of Artificial Intelligence (AI), Machine Learning and volatile political situations in areas such as the Middle East, cyber risk has grown exponentially and remains a major exposure for businesses across all sectors..
As with the cyber threat landscape, the Cyber Insurance market continues to evolve so what trends do we predict for the coming year?
Over the past year we have seen pricing on cyber insurance decline. This could be a result of increased capacity along with the higher levels of competition across SME and Mid-Markets.
According to Reuters, Cyber Insurance rates dropped around 10% by Q2 2023 and could be seen as a result of a correction of hikes in previous years post COVID.
However, according to Munich Re and S&P these rates will look to stabilise over 2024 and 2025 with a slight increase in rating across the next two years.
In 2023, we saw “inside out” underwriting taking main stage with vulnerability scanning of domains and the like forming the main basis of risk underwriting. Whilst there is always a place for face-to-face broking and manual submissions, underwriters will continue to develop new methods in understanding insured profiles.Over the next 12 months, I anticipate an increase in the thoroughness of vulnerability scans. Additionally, I expect a wider incorporation of AI in influencing underwriting decisions, and underwriters to become more stringent in their expectations concerning the cybersecurity processes of insured clients.
Looking back we have also seen many new entrants into the cyber market via new MGAs and North American insurers looking to break into the UK Market. With additions such as Coalition, Cowbell, and Onda to name a few, brokers have had many more open market opportunities to place business.
The increase in competition has allowed insurers to become a lot more flexible in respect of premium and coverage which bodes well for the wants and needs of the insured.
As we move into 2024, I see this trend continuing with further new entrants in the market in the form of MGAs and the increased number of Delegated Authority products available.
Cyber security requirements
Insurer’s appetites are continuing to evolve, not only in terms of the trades they write, limits and premiums, but also the requirements on insured clients to maintain high level risk management processes and “cyber hygiene”.
With the increasing sophistication of cyber attacks I see it becoming mandatory for the insured client to maintain, multi-factor authentication (MFA), privileged access management (PAM), endpoint detection and response (EDR) and virtual private networks (VPN). As requirements increase it becomes extremely important for the broker client to be diligently aware of policy clauses and clearly communicate terms to the insured client.
In October 2021 the Solicitors Regulation Authority (SRA) amended their minimum terms and conditions for Solicitor’s PI cover to require insurers to clearly state that cyber exposures are not covered by Professional Indemnity policies. Emphasising the significant exposure cyber poses to businesses.
In 2022 and 2023, anecdotally, I’ve seen a large increase in clients across industries mandating contracts which require Cyber Insurance to be able to work with their respective partners.
Over the course of 2024, I can see this trend continuing, requiring PI & Liability insurances to be accompanied by a Cyber policy. I also anticipate that other regulatory bodies akin to the SRA will require their members to hold Cyber Insurance or further highlight the risk of not having such cover in place.
Resurgence of phishing
Ransomware is continually in the spotlight when it comes to cyber risk and whilst it remains a large exposure for those transacting in the digital world, I want to highlight the potential resurgence of phishing scams going into 2024.
With the increasing sophistication of online tools that assist with “Consent Phishing” and “Helpdesk Phishing”, the rise of AI image and text generation to improve brand personalisation, phishing scams will become even more realistic and be a threat to even the most cyber savvy individuals.
Education & awareness
As we continue to transact business in a modern digital environment, more of our colleagues and staff have become aware of the potential risks involved conducting business online. Corporations provide cyber education through seminars and webinar along with simulated phishing attacks and tests for their staff. However, human error remains one of the main reasons for cyber-attacks.
I expect the education piece to become a more prominent part of underwriting, where simulated phishing attacks, educational seminars and cyber awareness training start to become a mandatory risk management feature required by insurers. I also anticipate business and regulatory bodies requiring cyber training as part of CPD requirements of their members.
The landscape of Cyber and Technology Insurance is poised for dynamic shifts in 2024 and beyond. As the industry witnesses rate stabilisation, innovative underwriting practices continue to develop, and an influx of new entrants, the focus on cybersecurity requirements will continue to increase from a regulators and insurers. The vital role of education and awareness in mitigating risks will not only be best practice for business but underpin their policy and it’s essential that they are covered by in-house cyber risk processes.
Despite the unpredictability of digital and global environments, one constant remains—the imperative need for Cyber Insurance in safeguarding businesses. As we navigate the complex cyber terrain, embracing these trends and proactively addressing emerging threats becomes paramount for ensuring a resilient and secure digital future.
I’d love to hear your thoughts or predictions for the 2024 Cyber Insurance market or should you require any assistance in placing a cyber risk in the London or Lloyd’s market, feel free to get in touch at email@example.com or +44(0)207 8469000.