
Cyber-insurance trends in the United States for 2024

Catherine Chipeta

The global cyber insurance market is expected to grow by 20% in 2024, driven by rising awareness of cyber risks, stricter regulations, and more industries seeking coverage. Not bad for a market labelled ‘uninsurable’ by Zurich’s chief executive.

Nearly two years on, what’s changed? This 2024 update takes a clear look at where the market is headed from both global and regional perspectives. While businesses have boosted their cybersecurity postures, the jump in cyber insurance uptake shows that strong defences alone aren’t enough. The truth is, cyber risks are growing more complex, and protecting your organisation now needs both solid cybersecurity measures and smart insurance coverage.

We’re breaking down three key trends in cyber insurance:

  1. The market is stabilising as premiums drop.
  2. Insurance requirements are evolving alongside security investments.
  3. Fraudulent Fund Transfer (FFT) remains a top risk.

Read on to see how these trends affect your business and why you need both cybersecurity and cyber insurance to stay protected.

Global overview: Why businesses need more than just security

Why stable premiums make cyber insurance a smart move

At the end of 2022, Zurich’s CEO warned that cyber risks were becoming ‘uninsurable’ due to their uncertain nature. Premiums shot up as insurers tried to clarify ‘silent cyber’ coverage gaps with tighter policy terms.

However, the picture is different in 2024. Cyber insurance prices are beginning to settle down. Howden’s Global Insurance Index shows prices down 15% after peaking in mid-2022, thanks to better security practices by businesses and more competition among insurers.

But don’t be fooled into thinking lower premiums mean less risk. Even with reduced costs, cyber insurance remains crucial for managing risks that stronger security alone can’t cover. Lance Rubin, Founder of Model Citizn, found this out the hard way when his business was hit by a cyber attack. “I was hoping [cyber insurance] wouldn’t just be another policy that sits there, but when that day came, I realised it’s actually valuable,” he told us on our On the Defence podcast. “Cyber insurance isn’t just about covering direct losses; it’s about managing the broader risks that can sink your business.”

Meeting security requirements to get the coverage you need

During the premium hikes of 2023, insurers started demanding stronger security measures to reduce incident risks and offer better coverage.

This trend continues in 2024, with insurers setting clearer cybersecurity standards as conditions for coverage. A recent Sophos study shows insurers are increasingly requiring companies to adopt risk management frameworks and cybersecurity measures like multi-factor authentication and endpoint protection. Stricter underwriting processes and tailored policies are emerging, especially for industry-specific risks.

Rubin’s experience is a good example of why businesses need to stay on top of their security measures. “You think about the costs — not just the immediate ones, but the ripple effects to your brand, your clients, your staff. The forensic investigation was covered by insurance, but without it, the damage would’ve gone far beyond what we could manage ourselves,” he shared.

What does this mean for you? You need to keep investing in security. But even then, cyber insurance is still crucial as a backup plan. It’s your safety net against the attacks that slip through.

Combating FFT: Prevention and insurance as dual defences

Fraudulent fund transfer (FFT) was a significant threat in 2022, overtaking ransomware as the most common type of claim and making up 36% of all cyber insurance claims in Q3.

According to Coalition, FFT continued to be a major concern in 2023, accounting for 28% of all claims, with the frequency of these claims up 15% year over year. FFT is often linked to Business Email Compromise (BEC) attacks, with 56% of all claims involving either BEC or FFT.

For Rubin, this lesson hit home hard: “I didn’t think I was going to be at risk, and that was the real big takeaway… it’s not just about you as a business; it’s about how you’re connected to the broader industry. Even a small business can be a target because of who they do business with,” he explained.

The takeaway is clear: focus on stronger payment fraud prevention, especially around email security protocols. But even the best prevention strategies aren’t foolproof. If an attack gets through, you still need insurance to cover recovery and losses.

US insights: Navigating new rules and rising threats

New rules drive the need for stronger security and coverage

US insurers are adapting to an evolving regulatory environment, including the expansion of Regulation E and the SEC’s new cybersecurity disclosure rules, which demand greater transparency from businesses about their cyber risks and incident responses. With high-profile breaches like the National Public Data breach impacting billions of individuals, insurers are tightening requirements to ensure businesses are actively managing their cybersecurity risks.

To navigate these changes, businesses should regularly review their insurance policies to ensure compliance with new regulations and invest in comprehensive cybersecurity measures to prevent coverage gaps. By taking these steps, organisations can better protect themselves against evolving threats and maintain a strong security posture in an increasingly complex landscape.

Evolving threats demand a combined defence approach

The cyber threat landscape in the US continues to evolve, with Business Email Compromise (BEC) and ransomware remaining dominant attack types. The 2024 Cyber Claims Report reveals that these threats accounted for a significant portion of claims in 2023, and they are expected to grow. Meanwhile, the Corvus Risk Insights Index points to a surge in attacks on supply chains and critical infrastructure, underscoring the heightened risk environment. Recent incidents, such as the ADT data breach, which compromised over 30,000 customer records, highlight that even established companies are vulnerable.

In this complex landscape, businesses must adopt a dual strategy: maintaining robust cybersecurity measures to prevent attacks and securing comprehensive insurance coverage to manage the fallout when breaches occur. By combining strong defences with adequate insurance, companies can better mitigate risks and safeguard their operations against a wide range of potential threats.

Understand your coverage and reduce costs

Many US businesses are still exposed to financial risk due to gaps in their cyber insurance coverage. The recent Halliburton data breach illustrates how quickly cyber incidents can escalate, resulting in significant expenses that many policies fail to cover adequately. A CyeSec gap analysis found that 43% of breach insurance policies don’t cover full recovery costs, like data restoration and legal fees. Meanwhile, the Splunk State of Security report shows businesses investing in strong cybersecurity often see lower insurance premiums.

To avoid these gaps, invest in cybersecurity and regularly review your insurance to ensure full protection.
