As cyber demand slows, the (re)insurance market must respond with innovation to help keep the market relevant, sources told this publication.
A trend that has carried throughout 2025 is that of reinsurance supply continuing to outstrip demand, which is being impacted by the slowdown in underlying cyber uptake and primary carriers generally buying less reinsurance.
As primary insurers are keeping more risk net to meet their own growth goals, the reinsurance market “doesn’t feel like it’s growing”, a source said.
“We're seeing a lot of acceptance of the fact that there is a lack of growth in the product,” one source said. They believe the insurance market is growing by between 8% and 10%, and the reinsurance market is growing between 5% and 7%.
Jürgen Reinhart, chief underwriter for cyber at Munich Re, said the market needs to stop treating cyber as a “pure capacity gain” and opportunity to bring in premium and start innovating to create products that respond to insureds’ needs.
At a reinsurance level, innovations this year include more offerings of cyber cat or aggregate cover, although the market remains reliant on quota share.
One source said that the players in the primary market are beginning to look at the need for innovation – asking themselves how they can employ the benefits of different structures for their tail risks.
Rate shifts
This supply-demand imbalance driving cyber reinsurance rates down has not yet incentivised cedants to deploy their savings into more treaty coverage.
Alice O’Dwyer Smith, Oak Re’s cyber underwriter, said that there was a “considerable shift” in the dynamics for excess of loss cover, where reinsurance rates are coming down 10%-15% as less limit is being purchased. However, she added that some of this is offset by some established cedants buying more cover.
Looking more broadly, Erica Davis, global co-head of cyber at Guy Carpenter, said that the broker estimated overall cyber reinsurance prices fell by 10%-40% on a risk-adjusted basis on its Q2 placements, with ceding commissions increasing in Q2 by one to two basis points.
Quota share reinsurers are also impacted by dropping rates in the primary market. Marsh figures revealed a 7% drop in Q2 2025, following a 6% drop the previous quarter.
The primary cyber market has been described as a “buyers' market” as demand growth has slowed. Price adequacy in the line has been described as satisfactory “but ultimately brittle”, by Paul Bantick, group CUO at Beazley.
In June, Aon reported that in addition to ongoing cyber rate declines – which have prevailed for the last 10 quarters running – coverage has broadened. It also added that increased limits are now available in most markets for corporates with responsive cyber-security controls.
Despite that focus on security controls, sources noted that the primary cyber market is still generally offering broader terms and conditions and demanding less information to write risks to combat slower demand.
Meeting growth expectations
Munich Re has predicted that the current GWP for the global cyber insurance market of $16.3bn could more than double in just five years to $32.4bn.
Similarly, Howden has previously predicted that 54% of growth in cyber premiums up to 2030 will come from non-US markets, of which 25% will be from Europe.
Whilst some broking sources have agreed that this level of growth is achievable, they highlighted that in the near-term growth will be harder to come by and that the long-term forecast might get pushed out further.
Swiss Re’s market data from 2023 and 2024 indicates that many market players overestimated growth prospects and were too optimistic in their cyber premium projections.
This publication reported in November last year that the cyber market was looking to chase top-line growth in 2025, with growth targets ambitious and most likely unrealistic.
However, Reinhart said there is currently “a little bit less reinsurance demand” and added that he is “100% convinced” that in a few years, the market will face the opposite problem – an oversupply of demand, and not enough capital to keep up.
In the US, the largest cyber market, Reinhart said there is still a significant protection gap and added that there remains “huge potential” in the SME market particularly the micro-SME market.
New structures
One stressed that “the market is growing but innovation is critical in order to maintain the relevancy of our sector”.
Concern was expressed around whether the cyber market is being treated as purely a money maker.
“Instead of developing a sustainable cyber insurance market, we treat … at least part of cyber insurance, as if it was a pure capacity gain, which it is not. Instead of listening to the economy's needs and developing products that help companies to mitigate that risk that cannot efficiently be mitigated by new security measures … we undercut our competitors,” Reinhart worried.
At the reinsurance level, sources told this publication that cedants have been seeking a greater range of structural options, particularly in regard to cyber catastrophe.
One way that this innovation is being brought to the market is with new structures being implemented by brokers like Guy Carpenter and Aon, changing the way that insurers are buying reinsurance.
In July, Guy Carpenter created a new cyber reinsurance cat cover structure, Step Up Aggregate, featuring a variable pricing structure as the deductible erodes.
Similarly, Aon placed a new surge stop-loss product, which reportedly launched in January.
Despite the new products, however, the cyber reinsurance market is still skewed heavily to proportional quota shares, although the excess of loss market has been growing in recent years.
Frequency increases
However, innovation could be tempered by the stress of increased frequency of cyber loss events.
According to Munich Re, taking known instances into account, it is estimated that the exploitation of data leaks increased eightfold in 2024, with approximately 5.5bn accounts compromised.
“We’re certainly seeing that frequency is not reducing,” one source said, noting though that losses are still covered by premium.
Cyber security firm BlackFog reported there were 92 disclosed incidents in January 2025 alone, marking a 21% year-over-year increase for the month.
Similarly, frequency and severity data from Howden and NCC group has shown that frequency is still significantly higher in 2024 than in 2022, although it is slowing compared to 2023.
Another source added that frequency is particularly on the rise in relation to privacy and regulatory claims, most keenly felt in North America.
To grow successfully, and to get back on track to meet the goals set for the cyber line, brokers are urging reinsurance market players to focus on remaining relevant.
Sources believe carriers and reinsurers need to stop seeing the promised long-term growth as a reason to jump on the bandwagon, and instead turn their attention to innovating and create products to fill the coverage gaps.
Got a tip for us? Reach out confidentially here.