Ransomware persists, but cyber premiums are down

Cyber insurance has been one of the fastest-growing lines of insurance over the last decade, but growth slowed in 2023.

Global cyber insurance pricing is down 15% from its peak in 2022, despite the persistent threat of ransomware, says Howden’s 2024 Cyber Insurance Report.

Though cyber insurance has been one of the fastest-growing lines of coverage over the last decade, 2023 showed the slowest growth rate (5%) since the market’s inception. The report notes that, “Absent any shocks, pricing from here is unlikely to drive market expansion to the extent it did during the 2020-2022 correction, requiring ambitious plans for exposure growth.”

Ransomware continues to be the costliest form of cyberattack, with Howden reporting that the past 12 months have “seen the splintering of ransomware groups, increased collaboration between hackers and tacit support from hostile governments.” Recovery costs for these events are bouncing back after a temporary dip in 2022. However, fewer targeted organizations are giving in to their attackers, with only 28% paying ransoms as of the first quarter of 2024, compared to 70% who paid in 2020.

Howden’s report states: “Companies that have invested in risk controls and crisis management are now less susceptible to material impacts, rebalancing cost-benefit considerations for some firms over whether to pay ransoms. Furthermore, the increasing prevalence of double and even triple extortion has undermined the assumption that paying a ransom will put a stop to the hack.”

Organizations are also fighting back against these threats with investments in cybersecurity and insurance coverage, which makes them more resilient to financially motivated attacks and better prepared to navigate larger-scale incidents like the recent MOVEit, Change Healthcare, and NHS hacks. Cybersecurity measures include introducing multi-factor authentication, having thorough backup systems, providing employees with security awareness training and other solutions that increase their defense against attacks.

In addition to increased mitigation efforts from businesses and individuals, insurance competition has also led to a drop in cyber premiums. Howden’s Global Cyber Insurance Pricing Index shows a rapid switch from triple-digit premium increases in 2021 and 2022 to double-digit reductions in 2023 and 2024, with the index sitting 15% lower than the peak recorded in mid-2022.

An increase in capacity has also driven this trend, along with some insurers’ willingness to increase cyber coverage limits and remove cover restrictions for things like ransomware. Howden predicts these improved conditions will continue through the second half of 2024.