Five trends in the UK cyber insurance market

In this article, our cyber team explore five shifts we have seen in the cyber insurance marketplace during 2023.

The UK continues to be a profitable target for cyber criminals, with malicious attacks on digital systems and technology impacting organisations in a variety of sectors. More than 37% of large businesses have become victims of cybercrime, according to the UK Government.

In the context of increasingly sophisticated attacks and a widened threat landscape, the UK cyber insurance market in 2023 has experienced an influx of new buyers that are benefitting from stabilising rates following post-pandemic highs. New entrants into the market have sparked competition, and clients have benefitted from strengthening coverage and capacity as a result. 

Hundreds of cyberattacks occur every month in the UK, and the increasingly sophisticated methods of threat actors mean organisations of all sizes have been impacted. High profile cyberattacks in 2023 were reported by organisations ranging from government agencies and retailers to media outlets. 

A number were affected through vulnerabilities in their IT supply chains, reinforcing the need for vigilance around cybersecurity controls, such as rigorous monitoring of the measures taken by vendors and suppliers. The events included ransomware among other attacks which regularly exposed customer data, interfered with supply chains, and more. 

UK cyber insurance market trends in 2023

Against this background, there have been shifts in the insurance marketplace in 2023, including:

  1. Pricing: Cyber insurance pricing continued to decline, on average, through the year. In the third quarter, pricing dropped 8% for clients with annual revenues of over £250 million, compared to year-over-year increases averaging 38% in the same quarter a year earlier. Of these clients, 71% experienced price decreases this year. Price reductions on excess layers were generally more significant. 
  2. Limits and capacity: In the second quarter of 2023 insurers typically continued to remove some restrictions to existing coverage. Capacity increased amid ongoing Lloyd’s support for the cyber market. More than 9% of clients increased their retention in the third quarter, which may indicate increased confidence in their cybersecurity measures.
  3. Claims: Claim volumes have risen in 2023 compared to last year, with ransomware remaining a key factor. Threat actors continue to use innovative and sophisticated ways to cause disruption. Almost half of total claims to date in 2023 have emanated from attacks on the IT supply chain. However, trends suggest that the ransomware model may be becoming more difficult to monetise. 
  4. Underwriting: Systemic cyber risks remain a top concern. Insurers are typically including specific war and territorial exclusions in policies, with war exclusion language in line with Lloyd’s requirements. Underwriters are scrutinising areas that are directly relevant to the threat landscape, such as data collection practices and vendor management. Despite this, an injection of capital into the cyber insurance market has resulted in broader options for clients.
  5. Cyber property damage and business interruption (PDBI): In line with a 2017 Prudential Regulation Authority (PRA) mandate, insurers must be explicit as to whether cyber is covered as a peril in an insurance policy to avoid “silent cyber” (cyber risk in non-cyber policies). This has led to exclusions of cyber perils, particularly in “all risk” and property policies. This is a key factor in the development of the cyber PDBI market but is not the only consideration for buyers. 

The proliferation of operational technology (for critical infrastructure, transport, manufacturing, marine, energy, and utilities), high-tech buildings with inherent PDBI risk, and connected devices has also contributed to the growth of this sector. There is currently more than £200 million of advertised PDBI capacity, and rates generally decreased in 2023. While it is often the case that the traditional property and casualty market offers coverage for non-malicious cyber events, the cyber PDBI market fills the void for malicious events, such as a ransomware attack.

Outlook for 2024

Cyberattacks on the IT supply chain will likely remain focal points in 2024. In 2023, 44% of client claims involved attacks on either IT service providers or a software product. In addition, data exfiltration — as part of ransomware attacks — became more prominent. We expect insurers to continue focusing on IT vendor management and data collection practices throughout 2024.

While ransomware and other events are expected to continue, there is optimism that insurance capacity will remain available in 2024.

Some clients are likely to face new challenges regarding risk associated with operational technology. The London insurance market provides capacity for property damage arising from a malicious cyber event. 

Artificial intelligence has been a hot topic throughout 2023, with many organisations exploring ways in which generative AI can support everyday business activities. Discussions around how such tools will be governed continue, and it is important for clients to recognise the associated risks involved.

How Marsh can help you understand, measure, and manage cyber risk

Cyber risk management is an ongoing endeavour, and it is important for organisations to adopt a proactive approach. As your cyber risk adviser, Marsh can help you in a number of ways:

  1. Incident management: Our cyber incident management team can help formulate your cyber incident response and support you during and after an incident. 
  2. Risk advisory: Our advisory team can partner with you to enhance cybersecurity resilience in view of technology advancements and the ever-evolving threat landscape.
  3. Risk intelligence: Our economic modelling and quantification tools (such as Blue[i]) can inform risk transfer and cybersecurity decision making.
  4. Insurance: Our proprietary insurance programmes enable efficient cyber risk transfer.

 

Meet the authors

Ellis Nicholson

Vice President, Cyber UK

  • United Kingdom

Daniel Lewsley

Vice President, Cyber UK

  • United Kingdom