Identified - the top trends in cyber insurance going into 2025

Will market conditions continue to stabilise?

Identified - the top trends in cyber insurance going into 2025

Cyber

By Mia Wallace

Tasked with navigating an ever-evolving risk environment, the cyber insurance market has distinguished itself by its ability to pivot at speed, alongside its early adoption of proactive products and solutions. So, with 2025 in the near distance, what are some of the top trends shaping the sector – and what is the next year likely to hold for the market?

These were some of the questions addressed by Paul Larson (pictured), general manager of financial lines at Liberty Mutual, in a recent interview with Insurance Business. Pricing is leading the conversation, he said, with soft pricing trends continuing though recent months have brought some deceleration of rate increases, which points to the market potentially entering a period of stabilisation.

Exploring some of the factors behind this increasing stabilisation, he highlighted the cyclical nature of the market and how the pricing environment became such a significant consideration in 2021 and 2022. What goes up must come down, he said, and the conditions in the market created more competition in the space. “A lot of the startups were already in flight and they got a lot more capital behind them, so they were able to compete.”

Looking at the early stages of a lot of the fintech and cyber markets, he noted that they were so focused on the smaller end of the market that when it moved to very firm conditions, they were able to move quickly into larger aspects of the commercial market and to compete effectively with the incumbents there. “On top of that that, I think you’ve had a lot of willingness from reinsurers to more broadly support the cyber market over the last few years,” he said. “And a lot of that is on the heels of how firm the market became in 2021.”

As to where the capital conversation goes next, Larson believes that one of the reasons why the market is starting to see rates begin to moderate is that capital probably became slightly overcrowded in the cyber sector over the last few years. Now, especially in the wake of the latest hurricane season, there might be a refocus of capital in other areas such as property. “I think those things are going to continue to shape cyber and other casualty lines, as the cyclicality of the market ebbs and flows.”

Changing coverage amid an evolving risk profile

Recent trends also point to some coverage expansion, he said, particularly with regard to areas such as dependent business interruption. On the larger accounts, there has been a move to pre-agreed arrangements to use certain forensic accountancy firms, which has reduced the ability of carriers to question some of those valuations. “I would say that has had a somewhat dilutive effect when it comes to pushing back on some of those business interruption claims.

“Another big topic is AI and how it is potentially shaping not just the underwriting of the business - because everyone is actively using tools and will see that ultimately flow through to how we underwrite the business – but also, in the near term, how companies are using the data models. I think underwriters are starting to scrutinize - are they using caution?

“Do they have the right controls around the utilisation of AI? And could there be any impact on PII? Could they be inadvertently violating some data privacy laws in utilising the AI? Healthcare is another [theme]. We’re seeing markets being a lot more concerned about the healthcare sector as an industry in general, but then going downstream, about all the PII that they hold and how they may use tools in the healthcare process that may actually further expose some of that information.”

How to navigate a fast-changing risk landscape

Larson said it has been encouraging to see the growing awareness of the reputational and business interruption implications of a cyber incident. He sees that, over time, there will be more balance and cooperation between carriers and clients around what is being done from a loss control and loss prevention side.

Certainly, in the midst of such a fast-changing risk environment, the focus for him and his team is on continuing to engage with and build out its loss control services to make sure that underwriters are using those with the right potential clients. It’s critical to work with clients who will understand, appreciate and actively engage with those advisory services. “In addition, it’s about modelling your portfolio to make sure you’re not overweight in any one area.

“If we think about how carriers are starting to model this business from a catastrophic point, we're still in the very early innings of learning what kind of an impact a systemic event could have on the industry. So, we’re working closely with reinsurers too, as they look to model out some systemic event models, and how to overlay that with our own portfolio.

A successful cyber strategy goes beyond thinking just about individual account underwriting, he said, and carriers need to take more of a portfolio approach in order to ensure they’re not more susceptible to one systemic event than another. They also need to make sure that they have not only risk mitigation efforts in place, but also disaster recovery efforts in place should the worst happen.”

Where does the cyber market go next?

Looking ahead to 2025, Larson does expect the market to continue to stabilise. The big question mark is how some of the class of 2020 and 2021 shapes out over a longer period of time, he said. Certainly, he anticipates that some of these startups will need to make efforts to demonstrate their profitability and ability to trade in the same way.

“What’s going to be interesting – relative to some of the legacy markets that have been in this business a lot longer and have a significant portfolio, as well as a significant amount of reserves – is if the reinsurers become a little bit more fickle. I think that could change the competitive landscape significantly. And then, if we continue to see significant ransomware events, that would continue to change the landscape as well.”

Related Stories

Keep up with the latest news and events

Join our mailing list, it’s free!