Cyber-Insurance Premiums Decline as Firms Build Resilience

Written by

Cyber insurance premiums have experienced “double-digit price reductions” over the past year as organizations enhance their cybersecurity, according to a leading broker.

Howden noted the decline in 2023/24 came about despite an increase in ransomware incidents of 18% in the first five months of 2024 versus a year earlier.

Sarah Neild, Head of Cyber Retail, UK at Howden, said: “At no other point has the market experienced the current mix of conditions: a heightened threat landscape combined with a stable insurance market underpinned by robust risk controls. The foundations for a mature cyber market, with innovation and exposure-led growth at its core, are now in place.”

By enhancing security in line with industry best practices, organizations become more resilient to breaches, meaning fewer claims, which ultimately feeds back into lower premiums.

Insurers are increasingly demanding measures like multi-factor authentication (MFA), backups, security awareness training, and endpoint detection and response (EDR) as a pre-requisite for even offering premiums.

Read more on cyber-insurance: 70% of Cyber Pros Believe Cyber Insurance is Exacerbating Ransomware

The global cyber insurance market is projected to be worth $91bn by 2033, at a CAGR of 22% from 2023, according to a January 2024 analysis.

Standalone cyber insurance policies apparently accounted for the vast majority (68%) of the market last year.

Organizations are increasingly turning to policies to help them mitigate the financial risks associated with rising cyber-threats and more rigorous compliance requirements.

The cost of a data breach in 2023 stood at $4.45m globally, according to IBM.

The drop in premium costs comes after surging prices in 2021 and 2022 as cyber-attacks ramped up during the pandemic.

Cyber insurance claims actually hit record levels in North America last year, according to broker Marsh.

The firm received over 1800 claims from clients in the US and Canada, more than any other year.

Around a fifth (21%) reported at least one cybersecurity event in 2023, a small increase on 2022 (18%). The share of covered companies reporting one or more cyber events has remained relatively consistent over the past five years, at between 16% and 21%.

What’s hot on Infosecurity Magazine?