Short introductionToday, we’re thrilled to sit down with Rupert Marais, our in-house security specialist with deep expertise in endpoint and device security, cybersecurity strategies, and network management. With the cyber insurance market facing significant shifts—from declining rates to fierce competition and uneven adoption across business sectors—Rupert offers a unique perspective on what’s driving these trends and what the future might hold for insurers and policyholders alike. In our conversation, we explore the reasons behind the market slowdown, the impact of reduced premiums, and the challenges of expanding coverage to smaller businesses, among other critical topics.
What’s behind the current slowdown in the cyber insurance market, and how significant is this trend?
The slowdown in the cyber insurance market is largely tied to an oversupply of coverage compared to demand, especially among large corporations where the market is nearing saturation. We’re seeing organic growth taper off as competition among insurers heats up. This isn’t just a minor blip—it’s a structural challenge. Insurers are vying for the same pool of clients, which forces them to lower rates or relax terms to stay in the game. It’s a buyer’s market right now, but that comes with risks for long-term sustainability.
How does the intense competition among insurers contribute to this market dynamic?
Competition is a huge driver here. With so many insurers offering cyber coverage, they’re under pressure to stand out. This often means slashing premiums or offering more lenient terms just to retain clients or attract new ones. While this benefits policyholders in the short term with lower costs, it can erode profitability for insurers and potentially lead to weaker risk management practices if they’re not careful. It’s a delicate balancing act.
Swiss Re has noted that cyber insurance rates have been dropping for three years straight. What’s fueling these reductions?
The rate reductions are primarily a result of the competitive landscape I mentioned. Insurers are cutting premiums to maintain or grow their market share, especially in the large corporate segment where demand is already high. Additionally, some insurers might be banking on improved cybersecurity measures reducing overall claims, which allows them to justify lower rates. But there’s a risk here—if a major systemic cyber event hits, these reduced rates might not cover the losses, leaving insurers exposed.
How are these lower rates impacting the quality of coverage or the cybersecurity expectations for policyholders?
Lower rates can sometimes mean insurers are less stringent about cybersecurity requirements to close deals. For instance, they might not push as hard for robust controls or regular audits if it risks losing a client. On the coverage side, while premiums are down, some policies might come with reduced limits or exclusions that aren’t immediately obvious. Policyholders need to read the fine print because cheaper coverage could mean less protection when it matters most.
There’s talk of insurers making concessions on premiums, controls, and limits. Can you explain what these concessions look like in practice?
Sure, concessions on premiums are straightforward—insurers are discounting rates or offering flexible payment terms to win business. On controls, some are easing up on mandatory cybersecurity standards, like not requiring multi-factor authentication or frequent security training as strictly as before. As for limits, insurers might lower the maximum payout for certain types of claims, which can leave policyholders underinsured during a major breach. These compromises can create vulnerabilities down the line.
Swiss Re projects cyber insurance premiums will reach $15.6 billion by 2025, but growth estimates have dropped slightly. What’s causing this downward revision in growth?
The downward revision from 6% to 5% growth reflects a more cautious outlook due to market saturation in the large corporate space and slower-than-expected uptake among smaller businesses. Economic uncertainties and the unpredictability of cyber threats also play a role—insurers are hesitant to bank on aggressive growth when systemic risks like large-scale attacks loom large. It’s a sign that the market is maturing, but not without growing pains.
Why are large corporations dominating the cyber insurance market while small businesses seem to be lagging behind?
Large corporations dominate because they have the resources and awareness to prioritize cyber insurance. They often face higher-profile risks and have complex IT systems, so coverage is a no-brainer. Small businesses, on the other hand, often lack the budget or expertise to even consider it. Many don’t realize how vulnerable they are to cyberattacks, or they assume insurance is too expensive. Penetration in the small business sector is only around 10-20%, which shows a huge gap.
What are the main barriers stopping small and medium-sized businesses from adopting cyber insurance, and how can these be addressed?
The barriers are mostly cost and complexity. Small businesses often operate on tight budgets and see insurance as a luxury rather than a necessity. There’s also a lack of understanding—many don’t know what cyber insurance covers or how to get it. To address this, insurers need to offer simplified, affordable products tailored to smaller firms, alongside education campaigns to highlight the risks of going uninsured. Partnerships with local business networks could help spread the word too.
Expanding into new customer segments like small businesses is seen as key to sustainable growth. What strategies could insurers use to make this happen?
Insurers could develop streamlined, low-cost policies specifically for small businesses, focusing on core risks like ransomware or data breaches. Bundling cyber insurance with other business policies could also make it more appealing. Beyond products, insurers should invest in outreach—think workshops or online tools that demystify cyber risks and coverage. Building trust is crucial, as many small business owners are wary of hidden costs or fine print. It’s about meeting them where they are.
Looking ahead, what is your forecast for the cyber insurance market over the next few years, especially with these evolving challenges?
I think the cyber insurance market will continue to grow, but at a slower pace than some might hope, especially as competition remains fierce and large segments stay saturated. We’ll likely see more focus on small and medium-sized businesses as the next frontier, but only if insurers can crack the code on affordability and education. Systemic cyber risks will keep everyone on edge, and I expect insurers to tighten underwriting standards eventually, even if it means pushing back against current concessions. The wildcard is a major cyber event—if that happens, it could reshape the market overnight with rate hikes and stricter terms.
