View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

Cyber insurance costs finally stabilising, says Howden

Growing affordability of cyber insurance premiums is linked to improved corporate cybersecurity, says the insurance provider in its latest report. 

By Greg Noone

Evidence suggests that the average cost of cyber insurance is coming down, a major provider has said, with year-on-year changes in premium pricing persistently declining since the start of 2023. According to a new report from insurance intermediary Howden, this market correction – which has historically seen premiums remain high amid a global ransomware epidemic – is attributable to more robust cybersecurity across the private sector. 

“Favourable dynamics have persisted into 2024,” said Sarah Neild, Howden’s UK head of cyber retail, despite persistently high numbers of ransomware incidents, global geopolitical instability and growing fears about how cybercriminals might harness generative AI. “At no other point has the market experienced the current mix of conditions: a heightened threat landscape combined with a stable insurance market underpinned by robust risk controls. The foundations for a mature cyber market, with innovation and exposure-led growth at its core, are now in place.”

An AI-generated line graph used to illustrate a story about the declining price of cyber insurance premiums.
Cyber insurance premiums are declining in price, according to the latest report by market intermediary Howden. (Image by Shutterstock)

Cyber insurance market showing signs of maturity

Cyber has proven to be a difficult market for insurance firms in recent years, as providers struggle to help businesses hedge against the threat of being hacked without shouldering significant costs themselves. That challenge has usually been solved in one of two ways: either by raising the price of the premiums or by imposing strict cybersecurity regimes on clients to reduce the risk of a breach occurring in the first place. 

Increasingly, it seems the private sector has taken it upon itself to do the latter without encouragement from insurance providers. While the frequency of ransomware incidents has increased by 18% compared to 2023, said Howden, fewer firms are paying ransoms to cybercriminals, “due in large part to more effective risk controls.” CISOs are also increasingly using generative AI to hunt new threats to their companies, with 22% reporting to Howden that they have started doing so this year. 

Premium prices are also being pulled down thanks to a general expansion of the market outward from large corporates to SMEs. That trend has also been replicated geographically, with Howden predicting that half of the growth in premiums by the end of this decade will come from territories outside the US. “In the major European economies of Germany, France, Italy and Spain alone,” said the firm, “the premium uplift potential in just replicating penetration levels achieved in more mature markets is in the region of €700m.” 

Systemic cyber risks still loom large

Even so, concerns about systemic cyber risk persist in several markets. A growing chorus of financial institutions, for example, have raised the alarm about how breaches at popular third-party software providers could lead to catastrophic consequences for the banking sector. However, according to Howden, recent data shows that the indirect costs involved in cleaning up after such breaches are still much smaller than those shouldered by firms directly impacted by such attacks. 

This is not to say that the risk of such incidents, particularly so-called “cornerstone attacks” on popular operating systems like Linux and Windows, should be dismissed by cyber insurance providers or the clients thereof, said Howden. “As well as state actors, some criminal groups are known to be investing large amounts of cash into developing a wide-ranging compromise of this nature,” said the provider. “Although the likelihood of such an event remains low, requiring a cascade of unfortunate events to occur, the impact could be catastrophic.” 

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

Read more: Beazley completes cyber insurance catastrophe bond

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.