Although the rapid growth of the cyber insurance market may be slowing, it continues to present a compelling growth opportunity, but looking ahead, this will be fueled by different drivers and regional variations, with small and medium-sized enterprises (SMEs) having the largest potential to address the existing cyber protection gap, Swiss Re analysts stated in a recent report.
The cyber insurance market experienced explosive growth of 32% annually from 2017 to 2022, with global premiums doubling twice, from 2017 to 2020 and again from 2020 to 2022, and forecasts were projecting a continuation of these very strong growth rates.
However, recent data reveals a slowdown in growth and decreasing insurance rates, suggesting previous optimism was unfounded. Despite this, projections of 20% annual growth persist, raising questions about their plausibility in the face of a shifting market reality.
Past growth was driven by large corporate buyers and rate increases, up to 2019 the market premium was largely growing by adding new exposure in North America and Europe. More and more corporates were purchasing cyber insurance.
From 2020 to 2022, the main growth driver changed when a surge in ransomware attacks resulted in substantial financial losses. In response to this elevated risk, the market reacted with increased rates to reflect the intensified exposure.
The cyber insurance industry reacted swiftly to the surge in ransomware attacks. Increased losses in 2019 and 2020 led insurers to tighten their underwriting standards, requiring stronger cybersecurity measures from policyholders.
They also reduced coverage limits and raised premiums to accurately reflect the heightened risk. Despite significant rate hikes in 2020 organic exposure growth (clients purchasing new policies and existing clients purchasing higher limits) was actually lagging.
Premium growth peaked in 2022, driven by these pricing adjustments rather than an increase in the number of policies.
In 2022 and 2023, the cyber insurance market experienced a significant shift. Initially, strong rates and profitability attracted new entrants, increasing competition. This led to rate reductions in 2023, offsetting much of the organic growth.
The pronounced upwards cycle until 2022, followed shortly by a downwards trend has been observed globally, however, with some regional nuances. North America saw higher rate increases than Europe, particularly impacting large corporations, while the SME segment saw more modest changes.
Despite the era of rapid, double-digit expansion in the cyber insurance insurance market is starting to cool, there is no lack of potential, as different regions have different needs and there is still a large cyber protection gap all around the world, Swiss Re highlights.
“When looking at market developments and exploring the Swiss Re Cyber Data Lake, we expect a continued phase of growth – however with different drivers and regional variation,” Dani Tobler, Head Cyber Reinsurance at Swiss Re, stated.
He continued: “The cyber market is far from saturated. For 2025, Swiss Re is estimating a market premium of 16.6bn (+8% over 2024) and the cyber protection gap remains huge. On the one hand, there is significant geographical potential as can be seen in the uneven distribution of cyber premium across regions.
“North America dominates with 70% premium share followed by Europe (19%) and APAC (8%) according to Swiss Re data. This not only illustrates the varying cyber market maturity levels around the globe but also underpins the untapped cyber market growth potential of many economies in Europe and APAC.”
Cyber insurance adoption varies significantly across customer segments, Tobler noted. Large corporations (those with annual revenue exceeding $10 billion) have embraced cyber insurance at a much higher rate (80%, according to Swiss Re) than SMEs (those with annual revenue below $100 million), which show only about 10% adoption.
“As a result, organic growth in the Large Corporate sector is largely limited to clients purchasing higher limits, whereas the potential in the SME market remains significant through clients purchasing new policies,” Tobler explained.
“In short, there is a huge cyber protection gap for small and medium sized companies. The SME segment offers a major growth opportunity for cyber insurance globally. However, serving small and medium size businesses requires investment and adapted approaches.”
He concluded: “The cyber insurance market continues to present a compelling growth opportunity, outpacing other lines of business. However, it’s crucial to maintain realistic expectations for future growth.
“Market data suggests that as from 2023 the cyber market moved from a rate increase-driven and double-digit growth trend to a rather single-digit exposure growth scenario. Going forward market participants need to focus on expanding the client base in order to grow their business sustainably.
“The largest potential lies in the SME opportunity: To strengthen resilience against cyber threats, the insurance industry must not only broaden its geographic footprint, but also tailor risk transfer products and services to the specific needs of this client segment and find efficient ways to distribute them.”