Insurance Day is part of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC’s registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

This copy is for your personal, non-commercial use. For high-quality copies or electronic reprints for distribution to colleagues or customers, please call UK support +44 (0)20 3377 3996 / APAC support at +65 6508 2430

Printed By


Cyber insurers warned of buyer push-back as market hardens

Rate hikes and cyber security demands could force insured 'to question value of the product'

The combination of hard market conditions and reduced capacity in the European cyber market could lead to a change in buyer behaviour, industry experts warned.

Cyber insurers in the region have been grappling with losses arising from increasingly dangerous and sophisticated cyber attacks, putting pressure on the sector’s profitability. While some have exited their positions in cyber as a result of these losses, those that have remained have increased rates and made greater cyber security demands of their clients.

Alistair Clarke, Aon’s UK cyber broking leader, said buyer behaviour could be considered a threat to the sector. “The market needs to be very careful not to create a situation where many buyers question the purchase of cyber coverage altogether,” Clarke said.

This could see the larger, more sophisticated and well-funded buyers reducing limits or stop purchasing cyber insurance altogether.

“In so doing, the market would be left with less quality risk in their portfolios, which is the exact opposite of what the market needs at this time,” Clarke said.

It comes as sector faces rising loss ratios from increasingly sophisticated cyber-attacks, such as from ransomware, which had led some carriers to exit their positions or reduced their cyber exposures.  Insurers are also placing increasingly stringent cyber risk management requirements on buyers when taking new business on board as a measure to prevent attacks and further losses. 

“We have seen European companies on a real charge to get their security controls to a level that meets insurers’ requirements,” Debbie Hobbs, Miller’s head of cyber, technology and media, said. “Due to the increased number of losses, most insurers are only looking to write companies with best-in-class controls. We’ve seen an uptake in requests for cyber insurance from European markets.”

Coupled with a period of rate correction in the sector over the past 18 months, clients will have to show they are able to collaborate with their insurers on their security measures.

The European cyber market has traditionally been behind the US, but European privacy regulations that were implemented much later than in the US are now accelerating demand for cyber cover. 

Last year the European cyber market underwent rate corrections as insurers saw excess coverage layers were severely underpriced and this has filtered down to lower layers. James Burns, CFC Underwriting’s head of cyber, said: “The days of cheap excess primary layers seem to be well and truly over.”

“What we’re seeing now is organisations finding it hard to build the towers they want and we’re seeing a real lack of appetite for primary layer business among some insurers,” Burns said. “All insurers are responding to the ransomware epidemic and increasing rates as part of their arsenal to try to combat that.”

The cyber market, Burns added, has “taken a pause” as insurers review the performance of their books. 

Cyber insurance can no longer simply comprise the provision of a policy, with insurers adding risk prevention elements to the products they offer, which will also protect their loss ratios, Burns added.

Dave Harvey, FTI Consulting’s head of cyber security, UK, said insurers have been forced to respond to the loss increases by “placing more scrutiny and importance on the cyber readiness” of their clients.

These new measures could include tighter security controls, such as offline back-ups, multi-factor authentication logins and cyber security training for employees.

“Risk management in cyber security insurance carefully balances the evolving threat environment against the risk exposure of its portfolio,” Harvey said. “To do that, the first steps are to identify the threat and understand your own exposure.”





Ask The Analyst

Ask The Analyst - Ask Your Question Send your question to our team of expert analysts. You can: • Ask for background information on/explanation of articles in Insurance Day * • Find out more about our views on industry developments • Ask for an interpretation of market trends • Source supplementary data relating to articles • Request explanations to further your understanding of current issues (* This relates to any Insurance Day that is included as part of your subscription) We will do the research and get back to you personally with the information you need.

Your question has been successfully sent to the email address below and we will get back as soon as possible. my@email.address.

All fields are required.

Please make sure all fields are completed.

Please make sure you have filled out all fields

Please make sure you have filled out all fields

Please enter a valid e-mail address

Please enter a valid Phone Number

Ask your question to our analysts