Despite Cyber-Insurance Market Challenges, Number of Buyers Grows

Cyber-insurance price increases moderated for the fifth consecutive quarter during the first 3 months of 2023, rising 11 percent on average in the United States, compared to 28 percent during the fourth quarter of 2022, according to Marsh.

In its US Cyber Purchasing Trends report, Marsh noted that despite cyber-insurance market challenges including steep price increases, tighter terms and conditions, and greater underwriter scrutiny, the number of cyber-insurance buyers continues to grow.

Marsh said that 36 percent of its clients purchased cyber insurance in 2022, up from 27 percent in 2018.

Large companies remain the most frequent buyers of cyber insurance, Marsh reported, with companies with more than $1 billion in annual revenue most likely to purchase the coverage. Marsh said that 47 percent of its clients with annual revenues greater than $1 billion purchase cyber insurance, versus 34 percent of those with revenues under $1 billion.

"Larger organizations typically have more robust cyber risk management infrastructure, and many view cyber insurance as part of their overall cyber resilience strategy," the Marsh report said. "Further, there's a perception that larger companies are potentially more lucrative targets for bad actors and thus, face a higher level of threat from factors such as employee and supplier errors."

Still, it's important to recognize that organizations of all sizes are targets, Marsh said, with those with weaker cyber-security controls presenting lower barriers to cyber criminals.

The Marsh report noted increased interest in using captive insurance as part of the cyber-insurance solution. "Many clients sought to regain a sense of control of their cyber programs as 2022 progressed," the Marsh report said. "In the last 2 years, for example, we saw a 75 percent increase in the number of Marsh-managed captive insurers writing cyber coverage."

After slowing in 2022 from the prior year's level, ransomware claims increased in this year's first quarter to a level not seen in more than a year, Marsh said. New threat actors emerged in February and March at the same time established cyber criminals executed mass ransomware attacks, Marsh said. Meanwhile, ransomware-as-a-service continues to grow, making it easier for cyber criminals to engage in ransomware attacks.