UK broking leader on capacity, competition and cyber hygiene
It’s a volatile time for the UK cyber insurance market, which saw double-digit rate drops continue in the first quarter of 2024, marking the second consecutive quarter the market experienced rate reductions to that extent.
However, there’s a contradiction at the heart of the increasingly ‘buyer-friendly’ nature of the market amid the reality that cyber threats remain significant and insureds are continuing to experience large ransomware and privacy losses.
Offering his insight into what’s happening, Gareth Bateman (pictured), cyber growth leader at Marsh in the UK, highlighted that these softening market conditions started gaining traction in the tail-end of 2023. “The trend has continued into this year with rate reductions, opportunities for buyers to reduce their retention, with most buying increased limits because they’re keeping the spend the same with rates coming down and so are reinvesting in increasing the size of their programme. It is a bit of paradox because, in the threat environment, we’re not seeing any letup at all.”
What’s underpinning the current environment?
Two key considerations are driving the current market environment – an abundance of capacity and intense competition among insurers, and the strengthening cyber risk management of UK companies. On the latter, Bateman noted that over the last couple of years, understanding of what controls are needed to defend against ransomware attacks, and what constitutes good cyber hygiene and maturity has proliferated throughout insureds, creating a better risk pool.
“Candidly, the biggest driver at the moment is competition between insurers,” he said. “Most of them are perceiving a rate environment that’s adequate for the risk so they want to write more business. Almost all of the 50 or so insurers in the UK market are hungry at the same time and they’ve got broad appetite. Programmes are over-subscribed, and the pricing environment is something which insureds are focusing on, which is driving competition in terms of rate.”
Creating a sustainable cyber insurance ecosystem
While it’s easy to dismiss competition as being healthy for a marketplace, Bateman emphasised the need for current market conditions to start levelling out if the cyber insurance sector is to be sustainable in the long term. From working closely with clients and having insight into their buying habits, he said, it’s clear that they want predictability and sustainable rates. What’s worrying him and his team is that some of the renewals which have registered double-digit percentage savings might not be available next year.
Rapid spikes, in either direction, of premium are not a sign of a stable or a sustainable market – and it is sustainability that clients are looking for, and which the insurance market should be looking to deliver. With regards to the long-term sustainability of the market, Bateman noted that while he doesn’t expect to see an erosion of the sector’s capital base, it undermines the credibility of the market to have significant volatility year after year.
That’s particularly true for a product which is a discretionary spend, he said, and it’s accentuated by the fact that a lot of businesses are still trying to understand cyber risk in the context of their own organisation. Even if they operationally understand what technology or data will knock out their operations if it’s compromised or encrypted, the next challenge is trying to quantify that knowledge in terms of its impact in dollar terms. That’s where having the right expertise and the right tools is critical because it enables clients to visualise their risk environment and loss profiles in a meaningful way.
“Generally, there is a recognition across businesses that they need to get to this stage in order to understand what risk management strategy is the most appropriate,” he said. “Because until you quantify it, it’s very hard to make decisions and to prioritise.”
Opportunity in the cyber insurance market
The level of cyber awareness and hygiene differs substantially depending on what segment of the market you’re assessing. In heavily regulated or consumer-facing sectors, whether that’s pharmaceuticals or financial institutions, there’s a high penetration of cyber insurance because ever since the rollout of GDPR, they’ve understood the need to protect against data breaches. However, when you look at the smaller, mid-market segment, penetration rates remain perilously low.
For Bateman and his team, that’s where the real opportunity resides for the cyber insurance market – and brokers in particular – to shine. They have spotted real room to grow in that segment, and to build and develop a new customer base, rather than just looking to sell more coverage to existing customers.
It’s a very difficult conversation, he admitted, because these organisations are often going through a budgeting cycle that might take nine months. With the rate environment being what it is, it will probably be completely different at the end of that cycle, making it very difficult for the risk manager to have the right conversations with the CFO, and the CFO can’t have the right conversations with the board. But these conversations do need to be had regardless because cyber is a mission-critical risk.
Taking Marsh’s statistics as a bellwether for the wider market, it’s interesting to see how the book is growing.
“In some regions like Latin America and some parts of Asia, we are seeing increased flow of business, where there’s obviously adoption going on,” he said. “But even in the UK market, the opportunity is still significant in terms of new buyers. I think the recognition of cyber risks is growing.
“So, there’s a market of buyers who recognise the risk, and there’s a market ready to offer it which is hungry for the premium. It comes back to that credibility point – about communicating the breadth of the product, creating greater transparency and trust, and creating greater stability in the pricing environment.”
Related Stories
Keep up with the latest news and events
Join our mailing list, it’s free!