

Captive insurers provide alternative for cyber risk financing

Over the past few years, cyber insurance pricing experienced some of the highest increases of any product line, peaking at 133% in the US in December 2021.

Over the past few years, cyber insurance pricing experienced some of the highest increases of any product line, peaking globally at 133% in December 2021. Fortunately, cyber pricing increases have steadily moderated since, with Asia cyber pricing rising by 22% in the fourth quarter of 2022, compared to 25% in the prior quarter. 

As pricing rose and terms and conditions became less favorable for most organizations, many began to explore alternatives to the commercial insurance market, including using captive insurance. The number of Marsh managed captives writing cyber coverage increased by 13% in 2021, and by 127% over the past five years. The growth comes primarily in the form of single-parent captives and cells. In fact, between 2020 and 2021, 40% of new cell structures managed by Marsh wrote cyber coverage. Marsh now has more than $70 million in cyber premium under management.

The healthcare industry shows the highest use of captives for cyber risk, with 19% of the industry’s captives writing it. Other industries showing increased captive utilization are financial institutions, retail/wholesale, manufacturing, and construction. 

Using a captive to access cyber capacity

A business that sought cyber insurance in the commercial marketplace discovered the coverage it needed was difficult to obtain, as insurers had reduced capacity and raised deductibles. Facing higher costs to buy less cyber coverage than previously, the business turned to a cell.

The business opted to retain and self-fund both its program’s working layer and top layer via a cell in order to obtain the amount of cyber coverage it needed. This strategy enabled the business to buy more affordable commercial insurance for the middle layers, while ensuring an adequate amount of protection for its exposure. Use of the cell also provided a cushion to the business from future changes in insurance market conditions.

So why use a captive to insure cyber risk?

Businesses should consider these risk retention vehicles as a way to enhance their financial resilience to cyber events. While there are many factors for clients to consider, captives and cells can provide an efficient structure for clients to retain a portion of their cyber risk. Often these programs will be used in conjunction with a risk transfer program through the cyber market.

While it’s not a silver bullet, using a captive insurer provides organizations with flexibility and options for their cyber risk management strategy. For example, having cyber coverage in a captive allows them to pivot during or prior to a renewal in three key areas: 


Helps reduce the total cost of risk by retaining an amount of cyber risk in the captive or protected cell. This reduces the reliance on third parties and captures costs and profits that are otherwise “leaked” to insurers. A captive can also be used to lower the cost of cyber liability by obtaining a high deductible cyber policy on the commercial market and “buying down” that deductible.

Creates extra capacity from the captive or cell that may be challenging to find in the traditional insurance market. Also, the captive can provide access to international reinsurers and specialty insurers, which potentially can introduce new capacity, greater competition, and better pricing for cyber risks that are costly to insure or are not typically covered.

Brings the potential to offer broader coverage. A captive can fill gaps in standard policy language, secure coverage for unique cyber risks, and consolidate cyber liability programs across operations.

Captives used to manage cyber risk in excess and primary layers

Many organizations that use a captive as part of their cyber risk management do so in the excess layers.  This can help clients increase capacity when the cyber insurance market is unable to provide full capacity at an efficient price.  Putting the excess layer into a captive can make the primary coverage more attractive to commercial insurers. 

Captives can also be used to fund retention layers on primary policies. Captives are proven to work on retention layers ranging from US$250,000 to US$200 million, according to Marsh proprietary benchmarking data.

If the primary layer is funded through a captive, commercial insurers in the excess layer(s) will scrutinize the terms and conditions they are following and will want to make sure that the captive’s financials are acceptable. You can also expect them to take a hard look at any third-party administrator (TPA) or claims adjustor that the captive uses. 

In either case, excess or primary, a captive can be used to set aside funding for areas in which cyber losses are anticipated. 

The captive may also be able to access terms and conditions for additional coverages that the commercial markets may look to exclude, such as ransomware events.

A business faced both large premium increases and a decreasing limit year-on-year despite never having submitted a cyber claim.

The business felt the increases, although market-wide, were unjustified for its program based on a 0% loss ratio. Through its existing captive, the company had built a strong surplus. Having a high risk appetite coupled with a desire to increase control of its coverage and cost, it decided to write cyber coverage in its entirety directly from its captive. With strong cyber risk management in place, the company believed it could significantly reduce costs over time by retaining this risk, while simultaneously diversifying the portfolio of risks retained by its captive.

Before you start setting up a cyber captive

As your organisation will be retaining more risk overall, it is even more important that you are able to answer these critical questions:

  • Are my existing cybersecurity measures effective? What improvements need to be made?
  • What is my total risk exposure?
  • How do I optimise my total cost of risk based on our enterprise risk management strategy?

You can gain a better understanding of your readiness for captives by taking the free Marsh Cyber Self-Assessment.


The ongoing changes in technology and digitization, combined with the ability of cyber bad actors to keep pace, mean that cyber risk can be expected to be volatile for the foreseeable future. Using a captive insurer or cell as part of your cyber risk finance strategy can help set a steady course no matter the commercial market conditions.

For more information about using captives for cyber or other risks, contact us or your Marsh representative.