Another competitive year has closed in the cyber insurance space. We’ve seen aggressive competition and increased capacity with insurers, along with an evolution in risks from insureds. New entrants and increased capacity are forcing rates down, while claims threaten to drive premiums in the opposite direction. While the battle for market share dominates, artificial intelligence is quietly pushing the industry to evolve.

Claims continue to increase in frequency and severity, yet rates have managed to decline. This is due in part to new market entrants competing to build books of business without the burden of legacy claims, which create unsustainable loss ratios. The more seasoned markets are left relying on prior years’ rate hikes to manage historic claims and fight for business.

Factors Driving Competition in the Marketplace

• Increased Capacity: As of Q2 2024, we saw increased capacity, with markets offering $10M in limits. Excess markets sought creative solutions by offering $15M and $20M limit options.

• Expansion into Higher-Risk Operations: Insurers are expanding their appetites to include higher-risk operations such as cannabis, casinos, payment processors, and crypto.

• Innovative Solutions and Customization: Insurers, wholesalers, and brokers are offering creative solutions to stay relevant in an evolving industry. Industry-specific insurance forms, DIC coverage, and manuscripted language have become a focus.

• Cybersecurity Warranties: Cybersecurity firms offer warranties to supplement their products and services. It’s important not to conflate the warranty with an insurance policy. They are separate products offering critical but distinct solutions.

Continued Challenges Facing the Cyber Market

Ransomware claims continue to be a disruptive force in the industry, affecting all business sectors. While ransom demands have increased, ransom payments are declining slightly. This is due in part to reliance on backups and distrust in the attackers. With double and triple extortion becoming commonplace, businesses are less inclined to gamble with threat actor groups.

Third-party litigation involving the wrongful collection of data, including pixel tracking and biometrics, continues to escalate. The consistent increase in claims frequency and severity will eventually threaten market sustainability and force rates up.

Artificial intelligence (AI) and machine learning are pushing the industry forward. AI is being leveraged to increase the scope and scale of attacks and provide the unskilled hacker with the capabilities to pull off sophisticated attacks, such as deepfakes.

Looking to the Future

The insurance industry is struggling to catch up with the rapid evolution of AI. Most policy forms don’t offer affirmative coverage for AI risks, leaving insureds to rely on silent or ambiguous coverage. Only a few markets offer a solution to AI-related bias and discrimination claims. As more businesses incorporate AI into their operations, insurers will need to step up with affirmative language.

Geopolitical tensions are expected to drive an uptick in state-sponsored cyberattacks, placing global operations, supply chains, and critical infrastructure at greater risk. Coverage for these attacks remains limited due to persistent cyberterrorism exclusions and a lack of carve-backs for state-sponsored attacks.

Insurers are also expected to maintain exclusions for dependent business interruption (DBI) and wrongful data collection, including pixel tracking and biometrics. Without carve-backs for these risks, policyholders may face uninsured losses in critical areas.

With no market-wide standardization and ongoing changes to policy language, navigating the evolving cyber insurance landscape will require expert guidance. Working with a broker that has a specialized cyber team is essential to secure the broadest possible coverage at a competitive price. Such expertise ensures that emerging risks—from AI exposures to third-party data claims—are addressed before they become costly gaps in protection.