The cyber insurance market has seen substantial growth and transformation in the first half of 2024, with the global market size expanding to $20.88 billion in 2024 from $16.66 billion in 2023, according to a recent report by Fortune Business Insights.  

This expansion signifies a shift from the hard market phases of 2020-2022 to a more competitive landscape where carriers are offering lower rates and more comprehensive policies. 

An analysis from specialty insurance provider Flow noted insurance providers are increasingly leveraging advanced technological tools for risk assessment and cybersecurity services, marking a significant trend toward integrated cyber risk management. 

However, a study from Munich RE indicated there is still an elevated proportion of uninsured cyber risks, with 87% of managers surveyed admitting their company is not adequately protected.  

The threat landscape continues to evolve with emerging threats such as ransomware, AI-driven attacks and supply chain vulnerabilities. Verizon’s 2024 Data Breach Investigations Report identified 5,175 breach incidents, with 3,803 involving confirmed data disclosure. 

Ransomware and other forms of extortion are prevalent in 92% of industries, accounting for 23% of all breaches, while system intrusions make up 36%. 

The Flow report noted market capacity for cyber insurance is expanding, with insurers offering more varied and comprehensive policies. 

Caroline Thompson, chief underwriting officer at Cowbell, noted that in the last few years, there has been an increase in players selling cyber insurance, which is the main reason for the increased competition. 

“Additionally, companies and individuals are becoming desensitized to the cyber threat landscape, resulting in a slowdown of new buyers,” she said. 

Thompson recommended businesses should remain cyber vigilant and nurture practices that build cyber resilience, which includes cyber insurance and cyber risk management. 

“Moreover, they need to talk to their insurance brokers about coverage options and which market offerings provide the best fit for their individual needs,” she added. 

Evaluating Cyber Risk as Hacker Groups, RaaS Evolve   

Prominent hacker groups, including Cozy Bear and LockBit, remain significant threats, with state-sponsored attacks and ransomware-as-a-service (RaaS) models amplifying their impact. 

Recent high-profile cyber incidents and data breaches, with the average breach costing a record high of $4.45 million, have influenced pricing trends to more accurately reflect the heightened risk environment. 

Isabelle Dumont, CMO at DeNexus, said before evaluating cyber insurance as a risk transfer mechanism, businesses need to review and understand their cyber risk. 

“Companies with a mature cybersecurity program should quantify their cyber risk in monetary terms to gain visibility into value at risk, expected loss, and probability of a cyber incident to prioritize risk mitigation and risk transfer,” she explained.  

From her perspective, having a robust cyber risk management program not only signifies a high level of risk management maturity but also positions businesses to negotiate more favorable cyber insurance terms. 

“Insurers will always look at minimizing their loss but they’re also ready to invest and offer services to help policyholders reduce their risk,” Dumont said.  

The regulatory landscape is also evolving, with an increasing number of states introducing privacy laws and new rules regarding cybersecurity incident disclosure as adopted by the Securities and Exchange Commission (SEC). 

Consumer privacy and data protection laws have now been enacted in 18 states, with many more bills progressing through various legislative committees. 

“Shifts in the cyber insurance market are evident through rising competition, evolving regulatory environments, and the emergence of new cyber threats,” David Derigiotis, president of brokerage for Flow, wrote in the report. “As the market softens and carriers introduce more comprehensive offerings, agents must leverage their expertise and resources to stay ahead.” 

Building Relationships With Brokers  

Thompson added companies must work with their insurance brokers and build a good relationship with them. 

“This will result in trust that the broker knows their client and will examine options to recommend the most comprehensive and fitting cyber coverage offering,” she said. 

One thing to look for when evaluating cyber insurance providers is that they not only transfer the company’s risk but also offer insights and tools throughout the policy period that, if leveraged, put the company into a better cyber risk posture. 

“Coverage offerings have become quite expansive over the past 10 or so years,” Thompson explained. 

For example, in the soft marketplace, sublimits are being deployed less and less. 

“Additionally, we also see a slowdown in innovation in new coverage offerings within cyber insurance forms,” she said. “It will be interesting to see how cybersecurity incidents like the CrowdStrike outage will influence coverage wording in the future.”