U.S. Cyber Insurance: Market Trends and Opportunities

U.S. Cyber Insurance: Market Trends and Opportunities
April 19, 2024 13 mins

U.S. Cyber Insurance: Market Trends and Opportunities

U.S. Cyber Insurance: Market Trends and Opportunities

Understanding market trends and future projections in an evolving cyber insurance market is paramount to strengthening risk mitigation and transfer strategies.

Key Takeaways
  1. Pricing for cyber insurance is expected to remain stable through 2024 due to ample capacity and a competitive market environment.
  2. Boards and executives can better navigate regulatory changes by prioritizing how to mitigate cyber and privacy risks.
  3. Risk managers should partner with brokers to help quantify cyber risks, understand claims activity and stay ahead of evolving threats.

The cyber risk landscape is shaped by several factors — from expanding privacy and cyber security regulations to increasing ransomware events, the emergence of artificial intelligence (AI) and machine learning-driven cyber attacks. As cyber risks continue to evolve, companies need actionable insights and solutions to strengthen their cyber risk strategies.

Buyer-Friendly Cyber Market Conditions Prevail

Throughout 2023, cyber insurance premium rates decreased by an average of 17 percent, challenging expectations of a modest deceleration in rate reductions by Q4. 

In the second half of 2023, there was a notable surge in cyber and privacy incidents. Contributing factors included the spread of ransomware attacks, exemplified by the ransomware attack that hit file transfer software, MOVEit1, alongside heightened reporting requirements from regulators.

“As the likelihood of severe cyber and privacy incidents increases with time, it's crucial to implement preventive risk management approaches and strong cyber security measures to minimize future financial losses and protect reputation,” says Matt Chmel, Chief Broking Officer for Aon’s Cyber Solutions in North America.

Key trends shaping the cyber insurance market include:
  • Surging ransomware attacks in 2023
    • Ransomware events are up 1,281 percent over the past five years.
    • Ransomware attacks spiked drastically in the first half of 2023 and continued to escalate into Q4 2023, disrupting businesses across the following industries:
      • Business professional services
      • Manufacturing
      • Healthcare
      • Real estate/construction
      • Education
      • Public entities
    • Surging ransomware attacks resulted in greater insurer losses.
    • It also underscores the need for robust cyber security measures and proactive risk management strategies.
    • Insurers are working toward better risk selection for organizations, prioritizing cyber governance, providing security controls advice and demonstrating effective internal processes to mitigate evolving threats.

    Cyber Incident Rates
  • New cyber-related SEC disclosure rules
    • The U.S. Securities and Exchange Commission (SEC) introduced new cyber-related disclosure rules.2
    • The new rules require organizations to disclose information about their cyber security governance, including management and board oversight. 
    • The SEC also mandates foreign companies to make comparable periodic disclosures.


Decline in cyber premium rates in Q4 2023 YOY

Source: Aon Cyber Solutions

Systemic Risk is a Top Concern for Insurers

Systemic risk plays an important part when it comes to insurance evaluation, scrutiny and, in some cases, restricted coverage offered for critical infrastructure, correlated events and war. Certain insurers restrict coverage on either a generalized or event-specific basis.

In line with Lloyd’s cyber war exclusion market bulletin,3 U.S. domestic insurers too are now implementing similar wording concepts (e.g., a compliant cyber war exclusion must now be included in policies purchased through Lloyd’s). This has led to some confusion and could also cost the market some income.

“There remains a lack of consistency in the market with the war policy exclusion. Many insurers and reinsurers still negotiate the language on a deal–by–deal basis,” says Chmel.


Increase in ransomware activity in Q4 2023 YOY

Source: Aon Cyber Solutions

Fresh Capital Continues to Create a Competitive Insurance Landscape 

Despite a growing number of cyber incidents and heighted privacy regulation, the U.S. market showcased expansion of a buyer-friendly cyber market. “Shaped by several marketplace dynamics, new and returning insurers are bringing in fresh capital and intensifying competition, leading to rate deceleration,” says Samantha Billy, Growth Leader for Aon’s Cyber Solutions in North America. 

In addition, business efforts to strengthen security have created more sustainable pricing levels. “We are monitoring the uptick in claims notice activities that took place in Q3 and Q4 of 2023 and determining how it will impact the market once we get into the second half of 2024,” adds Chmel.


Increase in overall cyber claims reported in the U.S. in 2023 YOY

Source: Aon Cyber Solutions

Quote icon

The risk management submission process remains rigorous, but markets are finding greater efficiencies through increased consistency of questions among insurers and partnerships with external vendors.

Samantha Billy
Growth Leader, Cyber Solutions, North America

Navigate the Future Cyber Space with Confidence

In 2024, expected shifts in the cyber landscape include tighter controls and terms, alongside a potential stabilization in pricing. This reflects the growing complexity and severity of cyber risks. 

Retention Change
Limit Change
  • Businesses with decreased retention saw an uptick in Q4 2023, ending the year at around 15 percent. Businesses experiencing retention increase remained stable through the end of 2023, at 7 percent to 8 percent.
  • About 20-25 percent of businesses purchased additional limits while less than 3 percent purchased less limits in the last quarter of 2023.


Here are four ways to make better cyber policy decisions:

1. Build stability and bespoke solutions.
Understand changes and how different insurance policies work together to create stabilization — then build those relationships. Proactively engage with knowledgeable insurers and stay ahead of emerging threats to build resilience against cyber risks.

2. Quantify your cyber risk.
Growing ransomware activities, new SEC regulations, machine learning and the evolution of AI technology potentially being used for or against a business, it is critical for businesses to understand existing risks and work toward insuring them appropriately.

3. Partner with the whole organization.
Cyber and privacy risk is a company risk. Work together with the entire business to effectively showcase controls — from the chief information security officer and privacy counsel to boards.

4. Maintain the confidential nature of insurance policies.
Keep threat actors from knowing coverage information so that it cannot be leveraged against the organization. Bad actors continue to threaten victims and demand ransom payments that are based on the client’s insurance coverage limits.

Quote icon

Identifying the right insurer who understands your risks, has a proven track record of paying claims, and is willing to customize policy wording to address your exposures and incident response strategies is critical to manage future volatility.

Matt Chmel
Chief Broking Officer, Cyber Solutions, North America

It is also essential for risk managers to review the tools, technologies, and procedures necessary to help combat cyber threats. With enhanced data privacy regulations expected to come into effect globally, cyber security in 2024 promises to be both exhilarating and demanding as it navigates uncharted terrain. 

Aon’s Thought Leader
  • Samantha Billy
    Growth Leader, Cyber Solutions, North America
  • Matt Chmel
    Chief Broking Officer, Cyber Solutions, North America

General Disclaimer

This document is not intended to address any specific situation or to provide legal, regulatory, financial, or other advice. While care has been taken in the production of this document, Aon does not warrant, represent or guarantee the accuracy, adequacy, completeness or fitness for any purpose of the document or any part of it and can accept no liability for any loss incurred in any way by any person who may rely on it. Any recipient shall be responsible for the use to which it puts this document. This document has been compiled using information available to us up to its date of publication and is subject to any qualifications made in the document.

Terms of Use

The contents herein may not be reproduced, reused, reprinted or redistributed without the expressed written consent of Aon, unless otherwise authorized by Aon. To use information contained herein, please write to our team.

More Like This

View All
Subscribe CTA Banner