Which market moves are defining the cyber re/insurance sector in Q1 2025? This was among the questions put to a range of specialists during CyberCube’s most recent Cyber Predictions’ webinar, with Dan Palardy (pictured), chief actuary at Cowbell, highlighting the shift towards risk management post-bind.
“This is a trend that has probably been building momentum across the ecosystem for some time now, all the way from the individual policies at the primary level up to the retro and the ILS markets,” he said. “But nevertheless, I think the adoption of these practices has lagged somewhat.
“That’s partly as a result of the 2022 hard market, which made cyber risk attractive on rate alone, for a period. It also allowed us to hit some lofty growth projections, even though the penetration rates weren't necessarily increasing or keeping pace with what was projected. So, fast forward to the past two years, what we’ve got now is softer rating dynamics, somewhat elevated claims trends, and there's a shift in focus towards a more tech-enabled model, both in the underwriting and the risk management component of the business.”
The cyber insurance market also has a couple years of greater maturity, Palardy said, so there's greater visibility into these technographic data points. This, in turn, serves to strengthen some of the confidence in the tech underwriting model. It’s a trend he expects to see continue in the remainder of 2025.
As to where the reinsurance market sits with regards to cyber today, Palardy said he sees a market “seeking to keep pace with very bullish growth projections. I don't inherently disagree with the long term view of the cyber market as being highly relevant and significant on a global scale,” he said. “But in the short term, we haven't necessarily kept pace with the more bullish side of those projections.”
This is mainly due to the softer rating environment that the market is seeing right now, he said, and, more importantly, slower than expected penetration rates. “Granted, I speak more specifically to the SME component of the market, because that's where I'm most fixated. But I think the point on cyber penetration rates stands all the way up the chain.
“The extent to which the market is keeping pace with these projections, mainly depends on its ability to capitalise on the emerging opportunities right now, because it's not happening on rate alone,” he said. “So, what we see is an acceleration of new products, new services embedded within the insurance products, and, of course, a push into new markets.”
To a certain degree, these rating dynamics are pushing a more innovative approach, he said, and this is a net gain to the industry, and perhaps forcing the hand of some of the more established shops that might have a more outdated model. “But I'll emphasise that, particularly in the SME market, there's a significant opportunity in the ways of standardisation of basic resiliency measures and education. And these types of things can find a natural home within the insurance placement process, and possibly within the insurance product itself.”
Adding his perspective, cyber specialist Stephen Ridley highlighted the “persistently soft market”, particularly in London. The hard market conditions of 2022 ensured the space became very attractive to new entrants looking to capitalise on that rating environment. “What we've seen in a few years since is there has been a flood of new capacity into the market, and the demand hasn't increased at a level to match that capacity increase that we've seen.
“Certainly, from a London perspective, we're still not doing a good enough job as a market of educating customers or getting people to see the true value in cyber insurance, because underinsurance is endemic across the whole sphere of companies that we see here. [It is] most acute in the SME space with, optimistically, an estimated 10% of SMEs buying cyber insurance in the UK.”
However, Ridley said, it’s not a concern limited to the SME space as larger companies are not necessarily buying limit to match the risks they might face. There’s still a lot of work that the market needs to do to show companies why they need to be taking action – and new products, solutions and standardisation measures will be integral to that.
“So, how do we standardise what we’re doing a lot more? How do we talk in a consistent manner to businesses in a way that I’m confident in us, as an industry, being able to do,” he said. “Having differentiated policy language, different ways of assessing risk and different ways of quantifying what we're doing, only adds to confusion and uncertainty – and that stops people from engaging in it. There's still some steps that we need, as an industry, to take in order to combat some of those things.”
