We are the voice of insurance and long-term savings | Contact us

Cyber insurance – growing the market to meet the global threat

The UK cyber insurance market continues to grow at a steady, yet impressive rate. The Association of British Insurers is working with brokers, underwriters, and other trade associations to look at the demand side of the market. We are having productive discussions and hearing the diverse perspectives of those who share our commitment, to find opportunities and solutions to sustainable cyber insurance market growth.   

Cyber insuranceThe backdrop to discussions is of heightened cyber security threats, risks of systemic attack and increased market scrutiny. Some of the latest major attacks include the Colonial Pipeline ransomware attack that brought East Coast America’s fuel supply to a standstill and the far-reaching Microsoft Exchange Breach that prompted the European Banking Authority to pull its entire email system offline. In the UK a recent 2022 survey shows that one in ten firms admit to being the victim of a cyber-attack in the last year. Public sector infrastructure is not immune either and recent victims in 2021 included the London Hackney City Council and the Irish Health Service Executive. 

In the cyber insurance market, access to cover is restricted, product complexities have grown, pricing has increased, and reputational risks have increased yet the market continues to grow. Predictions are that the global market will grow from a worth of $7bn in gross written premiums (GWP) in 2020 to $20.6bn by 2025 yet the threat is impacting the market too. Ransom related claims accounted for 32% of Marsh’s cyber claims in 2020 compared to an average of 14% during 2016-2019. It is not surprising that it is a hard market and global cyber insurance pricing increased by an average of 32% year-on-year in June 2021, as carriers reacted to spiralling loss costs. We might expect the trends to continue given the recent $1.4bn Merck award for cyber losses incurred in the 2017 NotPetya ransomware attack. 

In the UK the cyber insurance market is growing but remains small. Cyber insurance written in the UK for UK businesses is estimated as 5% to 10% of global cyber insurance cover. Cyber insurance written in the UK for non-UK businesses is estimated as a much larger share of global cyber insurance cover, with exports from Lloyd’s syndicates accounting for approximately one fifth of global gross written premium in 2021.   

Amidst this challenging yet exciting environment the ABI supports a market level effort to drive sustainable demand and adoption and access to cyber insurance. There is a quality product offer in the market that provides risk transfer, prevention, and recovery and this can tangibly reduce cyber risks. This in mind, the main questions for our industry discussions are:  

  • What do clients think of the cyber insurance offer? 
  • What is the general level of broker understanding of the current market offer? 
  • And what reasons or barriers are there for purchase? 

The ABI are especially interested in the market’s position in the context of the wider resilience agenda. We want to learn about the effects of organisational size on product demand, particularly for SMEs developing and meeting security standards and cost-effective ways to reach new markets, like digitisation and the uptake of free tools. We are also concerned by the reputational pitfalls that the market faces, especially given the likelihood of systemic attacks. We will be thinking about how to leverage our access and influence over regulatory and government action, as well as our public communication work, to raise awareness of the issues. 

There are several sustainable growth levers in the market, that have come to light through our collaborative discussions. These include better assessment tools for risk selection, more accurate modelling and a trend of procurement and contracting requirements among insureds, that requires SME cyber risk management. There is also agreement among brokers, insurers, and trade associations that they need more in-depth senior management engagement internally on the major issues, more direct access to Government threat intelligence feeds and more future collaboration on cyber insurance to drive sustainable demand and market growth.  

Looking ahead, we will be pursuing cohesive market level engagement with the wider cyber security ecosystem to achieve our goals. The Government recently published the UK National Cyber Strategy 2022-2030 and it signals a busy year of Government engagement ahead. There is one small but significant mention of insurance in Pillar 2 of the strategy, on Cyber Resilience. The Government has committed to increasingly work with market influencers, including insurers, to incentivise good cyber security practices across the economy. While this might come in the form of market incentives that encourage effective cyber security, ‘where necessary this will be complemented by targeted legislation to ensure that cyber risk is managed effectively by those who have the greatest responsibility to do so, and that the UK’s cyber security legislation remains effective in the light of evolving risk and technologies.’  

We are paying special attention to the complimentary publication of the Government’s 2022 cyber security incentives and regulation review as this adds flesh to strategic proposal above. There is a commitment there to help cyber insurers gain better access to data and ‘impact information’ about the impact of incidents. The market will welcome this commitment and we look forwards to continuing our Government engagement.  

We are also watching out for and will be engaged in the PRA’s 2022 Cyber Insurance Stress Test, which will review the market and is likely to lead to further regulatory intervention in line with the Government’s Cyber Security Strategy.  

As insurance led discussions continue we will draw in Government, Regulators, and the wider cyber security ecosystem and key economic actors. This might also include risk managers, procurement professionals, legal experts, business community leaders and other cyber security experts who can raise awareness and understanding of the risks and support resilience as we continue to unlock sustainable UK market growth. We look forwards to the year ahead and welcome the further engagement on these challenging and exciting issues in what is surely one of the most innovative areas of general insurance today.  

Last updated 07/02/2022