The cyber market is still chasing top-line growth in their targets for 2025, sources have told this publication, but some in the market have expressed concern over whether it is likely these goals will be met.
Everyone is planning on growing, sources generally agreed, adding that growth targets for 2025 were roughly between 10% and 30%.
To meet these targets, carriers are tending to focus on SMEs, particularly in Europe. This source of growth is due in large part to the significantly lower penetration levels in this segment.
Previously, Howden predicted that 54% of growth in cyber premiums up to 2030 will come from non-US markets, of which 25% will be from Europe.
Dani Tobler, head of cyber reinsurance at Swiss Re, said recently that approximately 80% of large corporates with annual revenue above $10bn have adopted cyber insurance, but only around 10% of SMEs have done so.
"As a result, organic growth in the large corporate sector is largely limited to clients purchasing higher limits, whereas the potential in the SME market remains significant through clients purchasing new policies.”
Are expectations realistic?
Global cyber premiums doubled from 2017 to 2020 and again from 2020 to 2022, a report from Swiss Re said. During this period, forecasts were projecting a continuation of strong growth rates.
However, Swiss Re’s market data from 2023 and 2024 indicates that many market players have been overestimating the growth and were too optimistic in their cyber premium projections.
Sources told Insurance Insider that, like Swiss Re, some companies are also revising their market growth expectations to be considerably more modest.
Furthermore, with rates down, and the large corporate market in the US becoming increasingly saturated the cyber market won’t grow “at the 25% year-on-year level that people were expecting maybe two, three years ago,” one source explained.
However, it was generally agreed that the trend will be a slowing of growth, as the class is still likely to outgrow most other lines of business.
Rates coming down in the cyber market is one of the key reasons for this slowdown, sources said.
According to data from Marsh Cyber, rates have been falling since Q3 2023.
“This is the underpinning inflection point that I think we're finding ourselves in the US where rates are coming down, and coverage is expanding, carriers can't really underwrite to it that well, and limits are going up. That's a bad recipe,” a source said.
New ways to meet targets
Sources suggested that market maturation is another reason cyber underwriters are no longer able to maintain that same level of growth. Projections will naturally have to decrease as the baseline number of companies that purchase cyber insurance becomes higher, sources explained.
They added that the sector would never be able to grow by the same kind of outsized percentages as in the hard market.
Furthermore, SME take-up of cyber insurance is very low and that doesn’t look likely to change.
This is partly due to a perception problem, a source said. “Cyber is still not seen as an essential buy, and generally when conditions harden, cyber is always seen as the one [product] that can be thrown out.”
Similarly, sources noted that with no regulatory obligation to buy cyber insurance, educating SMEs and providing the right product is “critical” to grow that market.
In the Swiss Re report, Tobler agreed, stating: "The largest potential lies in the SME opportunity: To strengthen resilience against cyber threats, the insurance industry must not only broaden its geographic footprint, but also tailor risk transfer products and services to the specific needs of this client segment and find efficient ways to distribute them."
Other sources said that if that market wants to make sure those growth targets are hit, it needs to make the cyber product easier to trade.
It was also suggested that a significant cyber event could turn the tide on SME cyber take-up, as companies may be frightened into purchasing cover.
This year saw several significant cyber events such as Change Healthcare, CDK and most notably the CrowdStrike outages.
Sources said that there was an opportunity for the recent events to change the perception of the necessity for cyber coverage, but ultimately perceptions remained unchanged.
Ultimately, though, sources stressed that even in the case that the double-digit growth targets laid out for 2025 are not met, there is still “huge opportunity” in cyber.