Are Cyber Policy Premiums Finally Stabilizing?

Studies have indicated that cyber insurance rate growth is slowing. But what’s driving this stagnation and is it here to stay?
Cyber insurance premiums appear to be stabilizing.

The rise of cyber policy premiums

Cyber insurance premiums saw astounding inflation over the past couple of years, with some reports suggesting growth rates exceeding 120% year-on-year.

Several cyber-attacks have attracted significant public attention in recent years, namely those involving SolarWinds, Colonial Pipeline, Kaseya, and Log4j, the widespread knock-on effect of which have prompted many business owners to shore up against their cyber risks. In addition, intensified geo-political tensions, increasingly digital ways of working, and the severity of many attacks have sparked a sharper understanding of cyber risk amongst the general public. In turn, demand for cyber insurance policies has spiked, making cyber insurance one of the biggest growth engines of the insurance sector.

Concurrently, soaring losses from routine cyber events and the payouts they have cost insurers, have triggered greater premiums in an attempt to preserve capital. For example, the average US ransom payments rose by 370% between 2019 and 2021. And yet, a study by Marsh suggests that, despite this hardening market, the demand for cyber coverage remains high amongst first-time policy buyers, with overall clients purchasing cyber coverage through Marsh going up from less than 5% in 2014 to more than 20% last year.

State of transition for cyber policy premiums

Recent research has shown that rates continue to increase, but that momentum has slowed to a moderate pace than in 2021. This is particularly true of the US and Canada, where rates grew by 133% in December, but then consistently fell to reach a rise of 90% in April, with the number of ransomware incidents declining this year. It should be noted, however, that these lower premiums will typically benefit only those companies that meet cyber insurers’ minimum cyber hygiene requirements, with underwriters continuing to cherry-pick their insureds.

Why the shift? A greater push on cyber security controls heralded an 18% lower attritional loss ratio, fewer cyber catastrophes, and a better risk selection this year. For example, Beazley has cut its ransomware claims frequency by 30% per policy and by 70% where premium charges are also allowed for.

The rapid premium growth experienced up until early 2022, together with these declining loss ratios, has seemingly sparked interest from investors too. Moreover, the introduction of a handful of new entrants to the market has brought in some additional capacity to London on an excess basis. This has translated into increased flexibility from insurers to expand their available capacity in cases where the nature of the cyber risk matches their underwriting strategy. Indeed, there have been some positive trends indicating that carriers are increasing their lines of capacity from $5 million to in excess of $7.5 million.

What to expect in the coming months

By no means does this recent stabilization in cyber policy premium rates indicate the beginning of the end of the hard market.

The Russo-Ukrainian War has seen carriers act with greater caution, with many reviewing their War and Terrorism exclusion clauses to either amend the language, strike the clause altogether or apply the recent LMA guidelines to limit claims. The wording around contingent business interruption will also be tightened and the trigger for such coverage will be restricted to security failure only.

The market will continue to clearly define and limit systemic risk, with carriers more likely to offer less capacity per client to insureds operating in the mid-market rather than large enterprises valued at £1 billion or over, as these larger organizations are fewer in number with a consequently lower accumulated risk. Given the world’s expanding digital footprint, such risk is unlikely to soften.

Moreover, further premium rate stabilization will depend on a continued reduction in the severity of cyber insurance claims and an increase in cyber claims experience. After all, once the loss experience of insurers consistently improves and the pay-off of their risk selection and underwriting policies are felt, carriers will be more comfortable with allocating their capacity without risking their capital.


As the market develops a greater understanding of the ever-changing cyber risks and becomes faster to respond to them, cyber policy premiums are likely to continue stabilizing. However, the boat is far from missed in this sector: a worrying academic deficit in the cyber insurance industry has made remaining competitive increasingly difficult. Those insurance professionals who wish to enjoy a lucrative share in this sector will need to understand shifting market trends, assess their impact on their insureds, and work to mitigate any risks swiftly. Education and continued professional development, namely cyber awareness and training specific to the insurance sector, can enable the industry to continue to thrive whilst driving a softer market for all.

Do you want to learn more about cyber insurance? We offer a range of courses which provide a comprehensive overview of this fast-paced sector.

Copyright © 2022 Cyber Insurance Academy | Registered as Cyber Advisory Excellence | Rothschild Blvd 45, Tel-Aviv | +972 5290594 Designed and built by Studio Praktik