Golden Dayz/shutterstock.com_1928985863
22 January 2025Feature

Cyber re/insurance growing as storm clouds gather

A Gallagher report said the market has stabilised but threats are increasing. 

2024 may have been the calm before the storm for cyber re/insurance, according to a new report from Gallagher. 

The insurance broker said in its annual cyber re/insurance outlook that a stabilised cyber insurance market, including lower rates and increased competition,  is likely to carry forward into 2025, but storm clouds are gathering. 

Ransomware and social engineering attacks continue to be a concern but attacks on supply chains were also “becoming a favoured strategy of threat actors” while losses stemming from wrongful date collection claims started to mature. 

“Finally, the underwriting community has a watchful eye focused on the potential for future losses related to generative artificial intelligence, both from increased threat actor capabilities and from a regulatory compliance perspective,” the report, by cyber managing director John Farley (pictured), said. 

“ So, while we have reached a period of relative calm, the market is juxtaposed with gathering storm clouds around a variety of current and emerging cyber claims concerns. 

“This will certainly test the wherewithal of the cyber insurance market in the coming year.” 

Gallagher said it expected the reinsurance market to grow in 2025, with cedents and reinsurers making increased use of insurance-linked securities generally, proportional reinsurance transactions and catastrophe bonds. 

“Despite today’s softening market conditions, we foresee a cyber insurance market that is poised for significant growth over both the near and far term,” the report said. “Cyber insurance carrier profitability will help to drive this growth through underwriting discipline and focus on effective security controls. 

“Recent research indicates that carriers have emerged from challenging periods of three years ago to realising favourable loss ratios, which could fuel further growth.

“However, the market will need to be disciplined as it grows,” the report concluded. “It must be mindful of changing threats, rapidly evolving technology and an increasingly unstable geopolitical threat landscape.”

Gallagher  said several high-profile supply chain attacks occurred last year, with the most impactful affecting those in the health care, automotive and transportation sectors.

“Non-breach privacy claims have become concern as these losses started to mature in 2024,”the report said. “Claims based on wrongful data collection, particularly those related to website tracking technology and biometric data, are coming to bear”.

Gallager said heightened regulatory risk could also exacerbate cyber claims frequency as public companies are required to report material cyber incidents within four days. Increased regulatory requirements, with fines for non-compliance, are expected to occur in the future.  

Did you get value from this story? Sign up to our free daily newsletters and get stories like this sent straight to your inbox.