A recent surge in high-profile cyberattacks is offering an opportunity for insurers including Munich Re AG and Chubb Ltd. to cash in from a rapidly expanding market — and prompting a rethink on premiums.
As artificial intelligence makes attacks more widespread and devastating, Munich Re expects the global cyber insurance market to reach $16.3 billion in 2025, up from $15.3 billion in 2024. Global premium volume is expected to more than double to around $30 billion by 2030, growing at an average annual rate of more than 10%.
With the vast majority of risks still uninsured, an estimated $9.5 trillion was lost globally in hacking crimes in 2024, according to technology consultant Cyber Security Ventures, a staggering increase from the $600 billion McAfee estimated in 2018.
The latest victim, Marks & Spencer Group Plc, is still grappling with the fallout. The hack, first reported on April 22, disrupted sales and operations at the British retailer and sent its shares plunging. It faces a £300 million ($405 million) hit to operating profit this year, before mitigation through cost savings and insurance.
Beazley Plc, a pioneer in cyber insurance, saw a short-term increase in demand for coverage following the M&S hack.
“When high-profile breaches happen, shareholders start asking questions,” Sydonie Williams, the company’s head of international cyber risks, said in an interview. “There was a sense of ‘that could have been us.'”
Cyber insurance products, though they’ve been around for decades, became a key growth driver for insurers from around 2019 or 2020, according to Williams. That was fueled by a spike in ransomware attacks by for-profit criminal gangs and the world’s growing digitalization, which accelerated when companies all went online during the pandemic.
“We’ve been flagging for a while now that there is more criminal activity, more cybercrime since the kind of brief pause in 2022,” Beazley Chief Executive Officer Adrian Cox said on an April 29 earnings call. “And we continue to hear of more stresses across the market and an increased strain on profit margins.”
The scale of M&S’s setback is likely to provide an incentive for other businesses to buy cyber insurance, and those with policies to check that their existing cover is adequate, Bloomberg Intelligence analysts Kevin Ryan and Charles Graham said.
“A claim of this scale will attract intense scrutiny from insurers,” said Adam Casey, director of Cybersecurity & CISO at Qodea Ltd. While it “might not trigger an immediate hike in premiums across the board, it’ll likely contribute to an upward trend.”
Beazley and Allianz SE are among insurers on the hook for the British retailer’s claim, CityAM reported.
Impact on Premiums
“What we always saw across the industry was that after a major attack, whether it’s covered or not by the insurers, the demand for cyber insurance would increase,” said Abid Hussain, an analyst at Panmure Liberum. “It’s perverse to say this, but it almost acts like a marketing tool to actually buy some cover.”
That in turn could trigger a rise in premiums, which have recently been falling as the coverage of the policies has tightened over the past few years, according to Hussain.
“We’re at an inflection point across the industry where they need to work out whether the premiums are adequate,” he said.”There’s going to be another step change, either in the policy wording or in the premiums, or both.”
Gross written premiums at Beazley’s cyber risks unit are seen growing 67% over the next five years, Bloomberg estimates show.
Cyberattacks remain the most pressing concern for risk-management experts, Allianz data shows, suggesting hedges against it may become more mainstream soon.
Still, there remains a disconnect between cyber risk awareness and investment in cybersecurity insurance coverage. Less than half of companies in the FTSE 100 have a cyber policy, and that drops to below 10% for small- and medium-sized enterprises, Beazley’s Williams said. Beyond the UK, 87% of C-level respondents consider their organization’s protection to be inadequate, a global survey by Munich Re found.
“There’s a tension between affordability and the desire to buy it,” Panmure Liberum’s Hussain said. “If you think there might be a global recession coming and people are tightening their belts, they will rightly or wrongly pull back on insurance coverage.”
On top of the basic insurance service, some firms are building their own in-house cyber teams, helping companies to monitor the threats and suggest changes to firewalls, systems and processes.
“It is self-fulfilling because it helps the organization to reduce the risk of attack and then therefore reduces the premium and therefore makes it more affordable,” Hussain said. “It’s a virtuous cycle.”
Photograph: Computer code displayed on screens arranged in Danbury, U.K., on Thursday, Jan. 7, 2021. Photo credit: Chris Ratcliffe/Bloomberg
Related:
- Marks & Spencer Says Cyberattack to Cost £300 Million
- Cyber Insurance Market Size Expected to Soar: Munich Re
- Cyber, Business Interruption, Natural Disasters Listed as Top 3 Business Risks: Allianz
Was this article valuable?
Here are more articles you may enjoy.
AIG Settles Lawsuit Against E&S Rival Dellwood and Former Employees 
Ford Recalls Nearly 1.1 Million Vehicles Over Rearview Camera Software Issue 
Underwriters of the Future Are Constant Partners With Agents, Carrier Exec Says 
More Tornadoes, Fewer Meteorologists Make for a Dangerous Mix 
