Ransomware severity makes cyber market question profitability

With cyber rates negative since 2023, the market is starting to question whether the line has finally tipped into unprofitable territory.

During the insurer’s capital market day, Beazley CEO Adrian Cox said that the firm believes the US market is now unprofitable and is continuing to soften despite an active claims environment.

Market participants canvassed by this publication still saw cyber opportunities in certain pockets but discussed a market approaching an inflection point on pricing as carriers grapple with a lengthening claims development tail.

Yet despite an increase in ransomware severity, slowing demand growth is driving ongoing rate reductions. This raises the question of whether insurers are doing all they can to encourage demand while preventing a need for the sharp price corrections the cyber market has faced in previous years.

Data from Beazley shows that financial year combined ratios for the cyber line, based on third-party reinsurer data, now exceed 100%.

Beazley CUO Paul Bantick told this publication that the figures shown above, with an average combined ratio of roughly 110% and some cases spiking as high as 170%, are driven by the increase in frequency and severity of ransomware attacks, increased claims and falling rates.

“What we're saying is price adequacy is a real problem in North America, and something's going to have to happen here, and we need to get some more discipline, because the longer we go into this, the bigger the snap.”

He clarified that the “snap” price correction would not be as severe as in previous years should it take place now, but it will be if the market continues to keep writing at lower rates.

Bantick said the reason the market got to this point of continuous negative rate for so long is because “cyber was making money at the top of the market, and everyone put big growth plans together”.

Bantick said Beazley is not withdrawing from the cyber market, but it is not growing against the backdrop outlined above.

Inflection point

Some market sources have agreed with the sentiment of the market’s unprofitability; others have suggested that it is more a case of teetering on the edge of unprofitability.

Bob Parisi, head of cyber solutions, North America, for Munich Re described the US landscape as a “challenging environment” noting that “there's more capacity chasing risk, there's a depression of pricing and there is often a relaxation of … underwriting discipline”.

“At the same time, we are seeing absolutely no let-up in claims and losses,” he added.

Andrew Lewis, lead cyber underwriter at IQUW, told Insurance Insider that the market feels as though it is at an inflection point.

“There’s not much room left,” he said, noting that in his experience, this applies to the whole market, not just the US.

CFC group capacity director Andy Holmes gave a more tempered view, describing the market’s profitability as “marginal”, rather than unprofitable.

The calculations depend partly on whether a firm is operating in the large market or is heavily weighted towards small and mid-market, he said.

He added that CFC feels better about the pricing adequacy in the UK as opposed to the US.

Aon’s UK cyber broking leader Alistair Clarke echoed this more regional take on the cyber market’s profitability, saying that there will “inevitably” be pockets of the market, whether it's from a geographic or an industry vertical perspective, that perform better than others.

He gave the example of the US healthcare sector in 2023, which experienced a lot of cyber losses that might make that particular underwriting year for certain markets reasonably marginal.

However, Clarke added that “overwhelmingly, the market has been profitable”.

Some were hopeful that cyber rate decreases may be beginning to flatten or at least stabilise in light of loss experience.

James Bullock-Webster, head of technology, media and cyber at broker New Dawn Risk, said he expects to see rate decreases slowing, particularly in specific pockets.

“I think healthcare, education, manufacturing and municipalities are probably areas where rates are going to stop going down and maybe flatten out, perhaps in the next 18 months or so.”

Samuel Bradley, senior cyber underwriter at Arch International, said that for the market to achieve greater maturity and stability, “it’s critical to maintain a disciplined underwriting approach to ensure rate adequacy.

“This is particularly important given the current competitive landscape where there is an abundance of capital in the market.”

It remains to be seen whether cyber reinsurers start to push carriers harder on underlying rate in upcoming renewals, but with cyber reinsurers also plagued by excess capacity and slower demand, the two segments are still relatively intertwined.

The 1 January renewals may see more mature cyber insurers shift away from quota share reinsurance but look to hedge their peak cyber cat risk via cat XoL deals, Beazley’s Cox told Insurance Insider.

He added that cyber ILS was “at the start of something quite exciting”.

Growth goals

The push for top-line growth has been a persistent problem throughout the soft market as demand levelled off, with targets being set to reflect prior years of booming growth.

According to Swiss Re, the cyber market experienced a 31% compound annual growth rate between 2017 to 2022, which dropped off to just 5% from 2022 to 2026 as the market began to soften in 2023.

This left carriers with the expectation of growth but little in the way of rate to support the higher targets, leading to exaggerated softening and lessening of underwriting discipline.

S&P Global Ratings said it expects the cyber insurance market to grow at an annual rate of 5%-10% over the next three years, noting that it expects growth to be supported by insurers “selectively underwriting non-malicious outages and certain critical-infrastructure exposures”.

Munich Re’s Parisi maintains a more robust outlook and indicates we might see premiums double to around $30bn by 2030.

Parisi described this as an “aspirational” projection, but he explained that if price trends and number of new buyers “remain roughly the same” the target should be manageable. If the market hardens, that figure may well be achieved much sooner.

But he also noted that if the market continues to soften, it might take longer to reach the $30bn target.

Many sources, however, questioned where the growth is set to come from to reach this number.

Ransomware trends

Market sentiment on the frequency of ransomware events varied slightly, with some suggesting it is flat and others claiming it is increasing.

However, there was a general agreement that severity of claims is up.

Aon’s Clarke noted that there “may be a slight lull in ransomware frequency, but not enough to suggest that it's not still a massive problem”.

He added that “we've never seen a summer in the UK like this”, in which several industries, including retail and manufacturing, have been impacted.

“I think it would be enormously unwise to suggest that instances [of ransomware attacks] are down and thereby losses are going away.”

This year has seen several cyber events that have mostly been considered near misses for the market, including Co-op, Jaguar Land Rover and Amazon Web Services. However, Marks & Spencer (M&S) was insured for its extended outage following an attack.

One source said that frequency was the “the real challenge” in the last soft market before a correction, in contrast to the current environment.

They said the claims environment for North American cyber is now experiencing severity that is “up substantially”.

“If severity of claims [is] going up and retentions and premium are coming down, that makes your severity go up even more.”

Underwriters can manage increased loss frequency through better risk selection and other controls, they explained.

“But if severity is up, if you have a claim – good clients still have claims – the only way through severity sometimes is rate.”

Pixel losses

As well as the first-party losses coming through the cyber market, sources noted that third-party litigation resulting from class action lawsuits regarding privacy claims is also escalating.

In 2022 and 2023, there were so-called “pixel” wrongful collection losses, which are starting to come through the market now.

A pixel, specifically the Meta pixel, is a type of tracking technology that helps to provide key performance metrics generated by a particular platform.

The Meta pixel collects user data and shares it with Facebook and Instagram, in some cases without their customers’ consent, leading to an increased risk of litigation.

These losses have been part of the reason why the market is starting to reevaluate the length of the tail on cyber products, with more sources now saying it may be longer than initially expected.

Bradley said that Arch is observing the tail of privacy-related claims increasing, “as well as the severity on a cost per record basis, as the US plaintiff’s bar becomes emboldened”.

Last year, sources explained the cyber tail is more like three to five years rather than 12-18 months, sometimes even for first-party losses.

Now, sources lean more towards seeing the line of business as having a five- to seven-year tail.

Parisi described the cyber market as “starting to look like a mature line of business”, with the tail “starting to look and feel like other lines of coverage” as the tails are “lengthening and becoming more severe”.

SME target

Following the M&S ransomware attack in May, this publication argued that the high publicity event could be the key to winning over “new new” business.

With only 10%-20% of small and medium-sized enterprises (SMEs) and just 5%-10% of micro-SMEs buying the product, it seems reasonable for the market to set its sights on this largely untapped market.

Since the attacks, UK SME enquiries for cyber insurance at CFC have increased by 91%, according to Holmes.

Underwriting sources generally have also seen a spike in interest from this area of the market, following the high ransomware activity over summer.

As well as using the M&S attacks as a poster child for the benefit of having cyber insurance, Holmes explained that the argument for buyers to purchase cyber has never been stronger.

“It's cheaper, and you need it more than ever,” he said.

But he stressed that this will not be available indefinitely, describing the advantage as open for a limited window.

The cyber product, as it is, is arguably not fit to take full advantage of this SME window.

According to Holmes, the language that is used to discuss cyber insurance is “indecipherable” to SMEs, noting that even the name “cyber” is unhelpful.

He suggests that the product could be sold as “virtual property insurance” instead, employing a simplification of the product language to make it more understandable to SME buyers.

“They just want a number to call and confidence that the phone will be answered,” Holmes said.

Others agreed that the product needs to be simplified.

IQUW’s Lewis said that work needs to be done to understand why those small clients aren't buying and to build a product that is “meaningful, relevant to them, but at the right price point”.

He suggested stripping the coverage back to focus on the core element of what's important to SME buyers to allow for a more competitive price.

Solving the SME demand problem is part of the bigger tension surrounding the cyber market outlook for 2026, with low demand a consistent headwind for carriers in the face of rising loss activity.

Sources described a market that is balanced on a knife’s edge, with conditions becoming more primed to snap, requiring remedial action as occurred during 2020-2022.

It appears the cyber market will have to employ underwriting discipline, hold the line on rate and pull back on lofty growth targets to make the transition into a harder market a smooth one, so that the product remains effective in the years to come.