Upcoming Virtual Event: Cloud Security Summit | July 17 - Register Now
Connect with us

Hi, what are you looking for?


Cyber Insurance

Cyberinsurance Premiums are Going Down: Here’s Why and What to Expect

The change in premium rates is more likely to be the insurers’ correction than the insureds’ improvement in security.

Cyberinsurance Premiums

Cyberinsurance is getting cheaper, with premiums falling around 15% since they peaked in 2022. Commenting on a report from broker Howden, Reuters suggests business has become more adept in curbing losses from cybercrime.

“Added security such as multifactor authentication has helped to protect companies’ data, reducing insurance claims,” writes Reuters on July 1, 2024. It would be good if this were true, but most things are usually more complex than they first appear.

Cyberinsurance premiums increased rapidly in 2021 and 2022. The insurers got their sums wrong through an insufficient understanding of the cybercrime market. They were forced to redefine a cyberwar exclusion clause, increase denials and exclusions, and hike premiums. Now premiums are declining again.

“Fewer companies are willing to invest a considerable amount of money in cyberinsurance after a bad experience when insurance coverage was denied for various reasons and contractual clauses subtly incorporated into the insurance agreement,” comments Ilia Kolochenko, partner & cybersecurity practice lead at Platt Law LLP, and CEO at ImmuniWeb.

Now the cyberinsurance industry is becoming more mature with better actuarial understanding of the risks, he adds. The implication is that improved security from the insureds, better understanding of security from the insurers, and a more discerning marketplace is forcing the insurers to reduce premiums to maintain market share.

This is partly true, but it is important to understand the insurance industry is more accustomed to creating market conditions than it is to responding to them. Its purpose is to cover loss. Neither the insurance industry nor the entire cybersecurity industry can prevent breaches; but breach prevention is less important than loss reduction for the insurer. In the past, this loss reduction was achieved by increasing exclusions. There is little evidence that security is preventing breaches, nor its own resilience is seriously reducing loss.

The change in premium rates is more likely to be the insurers’ correction than the insureds’ improvement in security. “What we are likely seeing with lower premiums is a consequence of several factors: the insurance market’s cyclical nature, now with more capacity in the market, combined with self-insurance retentions covering many of the frequency losses,” suggests Marko Polunic, MD at Fenix24. The missing key to understanding what is happening is that term, ‘the insurance market’s cyclical nature’.

The insurance cycle is described in Wikipedia as “a term describing the tendency of the insurance industry to swing between profitable and unprofitable periods over time…” Such swings are common to all businesses but are particularly relevant to insurance.

Advertisement. Scroll to continue reading.

Within this insurance cycle, the swing is between a ‘hard market’ and a ‘soft market’. Howden defines it thus: “In simple terms, [a soft market] is when there is a lot of insurance capacity, and rates are low. Conversely, a hard market is when insurance capacity is reduced and premium rates are high.” Noticeably, the state of the insured does not figure.

Insurance Cycle
Source: B4, November 2020

“Insurance markets (cyber, property, D&O, etc) tend to run through rating cycles,” explains George Mawdsley, head of risk solutions at DeNexus. “What makes cyber unique is that there is material uncertainty around how big the ‘Big Storms’ can get, which means capital allocators will make conservative assumptions on max downside or will not invest. Given the strong growth projections (demand) for the cyber insurance market, we expect this dynamic to drive up prices over the long term.”

“Insurance is and will continue to be cyclical, and we are seeing those cycles play out here,” concludes Polunic.

In other words, do not expect the current lower premiums to continue. Markets are unstable, and the insurance market is exceptionally unstable. This is just a correction. Because of the current state of the insurance cycle, the cost of insurance is lower. The next correction will likely see premiums increase again – and because of the inherent instability of the cyber market, it may be sooner than we expect.

Related: Talking Cyberinsurance With Munich Re

Related: The Wild West of the Nascent Cyberinsurance Industry

Related: Cyber Insights 2023 | Cyberinsurance

Related: The Reality of Cyberinsurance in 2023

Related: UK Think Tank Proposes Greater Ransomware Reporting From Cyberinsurance to Government

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.

Click to comment


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn how to utilize tools, controls, and design models needed to properly secure cloud environments.


Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.


People on the Move

Craig Boundy has left Experian to join McAfee as President and CEO.

Forcepoint has promoted Ryan Windham from Chief Customer and Strategy Officer to Chief Executive Officer.

ICS and OT cybersecurity solutions provider TXOne Networks appointed Stephen Driggers as its new CRO.

More People On The Move

Expert Insights