US Cyber Insurance Market Update

Signs of improvement in third quarter of 2022

While cyber coverage demand is high, rate increases have declined.

Cyber insurance rate increases have decelerated nearly 80% on average in just six months. Here’s what you need to know about why — and what comes next.

Marsh’s quarterly US cyber insurance market updates provide insights on managing cyber risk and obtaining cyber coverage, with the goal of helping stakeholders prepare for — and lead — conversations with key cyber influencers and decision makers in their organizations.

The cyber insurance market began to embrace a new cyber paradigm toward the end of 2021. At the time, the market was at an inflection point, leaving many wondering if it would remain on its tumultuous path, become even more challenging and ultimately unaffordable and/or unsustainable, or begin to stabilize. Now, three quarters into 2022, the market is clearly showing signs of improvement:

  • New capacity and insurers continue to enter the market.
  • Organizations are improving their cyber hygiene.
  • Carriers are enhancing risk engineering and risk management capabilities.
  • Communication is strengthening among governments, law enforcement, corporations, and the insurance industry.

The outline of a more stable market on the horizon is becoming clearer as time passes. We are optimistic the market will continue to build on this momentum and continue on its path toward stabilization.

Even though the market is improving, carriers’ actions continue to lack coverage clarity, contract certainty, and insight into pricing mechanisms. This causes great frustration for buyers as they try to make informed decisions about the investments needed to strengthen cyber resilience and to be insurable.

As the cyber insurance market continues to mature, it is important for all stakeholders to apply the lessons learned, not just those of the past two-plus years, but over the market’s 25-plus-year history. Doing so will help the market become stronger and more resilient over time.

Continued growing pains

Insurers continue to revise their strategies in hopes of stabilizing the market. This includes implementing operational and tactical actions, such as changes to risk appetite, product composition, and supporting services offered to insureds.
 

Controls

A number of carriers continue to scale back or not offer ransomware-related coverages if a client has demonstrated poor controls in managing cyber risk.

Exclusions

Lloyd’s and others have proposed new exclusionary policy language to address cyber operations between nation states in the context of war and beyond.

Sublimits

Carriers review aggregation lists and consider sublimits for certain perils, as well as territorial exclusions, based on ongoing geopolitical conflicts. 

The implementation of various strategies to address such concerns has sometimes led to unintended consequences and consternation, which can be further complicated by:

  • The market’s continued growing pains.
  • The always-on, ubiquitous nature of cyber risk.
  • Continued concerns over ransomware, supply chain exposure, security and privacy regulations, and catastrophic and accumulation risk, including nation state activity.

 When insureds do not feel like they are provided with clarity, transparency, and coverage certainty, their confidence in and comfort working with the cyber insurance market declines. This occurs even as the product continues to prove to be effective in protecting balance sheets, paying claims, and enabling organizations to responsibly understand, measure, and manage cyber risk.

Close attention should be paid to the details and possible effects of implementing strategies before they are broadly introduced. The effects of any strategy — like most elements of the cyber insurance market — are greatly nuanced by the risk profiles and needs of individual insureds. 

Maintaining a constant feedback loop between brokers, insurers, insureds, and other stakeholders will help to mitigate some of these challenges. It will also provide parties with full transparency into the intent, purpose, potential challenges, and applicability of underwriting and pricing strategies moving forward, and will build trust throughout the cyber insurance market.

Looking ahead

We understand the challenges that all stakeholders face , not just in the cyber insurance market, but also in the overall cyber environment. Hopefully this update provides more perspective on what's happening, why, and some optimism about the path forward.

The offering of available, affordable, sustainable, and high-quality cyber coverage is imperative to building a more stable, effective, and sustainable cyber insurance market. Insurers need to balance the need for profit while providing offerings that meet companies’ needs. Clients need an effective product at a reasonable cost.

Marsh is committed to championing collaboration, transparency, knowledge sharing, and communication in the cyber resilience ecosystem to help our clients protect and promote their possibility. Learn more about our strategic, enterprise-wide approach to cyber resilience.

Is your organization evolving with the cyber risk landscape?

Marsh’s cyber specialists offer best-in-class services and solutions to improve your cybersecurity and resilience.

Is your organization evolving with the cyber risk landscape?

Marsh’s cyber specialists offer best-in-class services and solutions to improve your cybersecurity and resilience.

Staying ahead on cyber

Take control of your cyber risk with our strategic, enterprise-wide approach to cyber resilience.