We offer a comprehensive and continuous dataset to give you unique insights across multiple industries.
Insight
Our integrated data insights can be viewed and continually assessed with our software platform, Russell ALPS.
Analysis
Our expert consultants can take a customised and commercialised approach to problem-solving to suit your interests or situation.
Action
Tom Wakefield, Global CEO, Gallagher Re opened the Zywave Cyber Risk Insights London 2025 with a keynote speech entitled Beyond Boom and Bust, in which he outlined how the growing cyber insurance market needs to work together to grow sustainably.
Are we at an inflection point? Reinsurers’ dedicated capital increased by 5.4% in 2024 to USD769B. Global reinsurers have healthy balance sheets which has fuelled their confidence to take on more risk, grow their exposure and make inroads into market like cyber. Growth has stalled in the last couple of years, however, which was perhaps inevitable following the explosive pace of early cyber insurance market growth.
We are entering a new era of GenAI, which can create a better client experience, but hackers will use GenAI to create new threat vectors. There is a slower pace of innovation in cyber today. "The market is in danger of chasing itself down. Brokers can help with better data insights. We need a more robust RDS" the audience was told.
Cyber aggregate risk can be worse than normal physical risk, so there is a real need to educate stakeholders in wider society. People are 167 times more likely to be the victim of a cyber-attack than a burglary, Wakefield said.
Today's $17 billion market in cyber is not as big as predicted some years ago and is some way off forecasts of $25 billion plus. The reasons why are complex, but it seems clear that the geopolitical environment is having an impact on SMEs, so tech risk is not so much front and centre of mind.
There is plenty of capacity but not so many new cyber buyers, with supply outstripping demand in the first quarter. "We are in a saturated market at the moment, with few buyers", said one panellist. "Adequacy is being eroded by loss increases and rate falls," said another speaker. This is the inflection point as carriers begin to cede less.
Facilities are working well for the London market at the moment. Cyber is not a compelling purchase like property. In fact, the property market is hard so there is less budget for cyber. It is a difficult time to be entering the cyber market.
Speakers agreed that the market needs to focus more on Business Interruption covers - physical damage covers are OK, but non damage needs work – BI towers are not fit for purpose. It was suggested that it might be a good idea to look at how (re)insurers build these towers in property. Cyber infrastructure failure is hampered by exclusions, so we need to learn from the property market and how it is innovating in areas such as Parametrics, for example.
Underwriting teams have upskilled tech capability and that needs to continue. The UK government is currently running a consultation on a set of proposals to reduce the impact of ransomware. The proposals include:
A targeted ban on ransomware payments for all public sector bodies and regulated providers of Critical National infrastructure.
An authorisation system for ransomware payments.
A mandatory reporting regime for ransomware incidents.
If enacted, the proposals amount to a significant intervention by the UK government and go much further than any other government has gone in attempting to disrupt the ransomware business model. The audience learnt that these proposals are important precisely because "the NHS is uninsurable, and it is the same for TFL, the risks are most dangerous for the government."
There is poor take up of cyber insurance for SMEs, which is as low as 7% in the UK. Why is this when 50% of businesses are suffering cyber-attacks every year? Specialist brokers can help to sell the benefits. General liability brokers can struggle if they don’t have the expertise. The onus is on underwriters to educate the brokers while broker experience and expertise is "patchy."
Is a cyber policy attractive to SMEs? No. But it is a great time for insureds to take up cyber because prices are low while the coverage is broad. Cyber is also a policy that typically pays out to the client, although one panellist was sad to report that CISOs are very sceptical of cyber insurance. Another speaker mentioned that it is worth looking at the CFC ransomware calculator and the Chubb cyber index. These are helpful tools and both of them are free.
"What is threat intelligence?" asked one panellist. Her answer is that it is the collection and production of insights that indicate cyber threat – prescriptive analysis to reduce risks, through actionable intelligence." This was an interesting observation that chimes with Russell Group thinking.
The audience was asked if it is aware that their companies will have data going across to the dark web, which can be disseminated by various threat actors and TTPs. The term Tactics, Techniques and Procedures (TTP) describes the behaviour of a threat actor and a structured framework for executing a cyberattack, according to the Splunk Blog. The actors can range from hacktivists and hobbyist hackers to autonomous cybercriminals, underground rings and state-sponsored adversaries.
As a consequence of these multiplying threat actors, the insurance market needs to update its minimum cyber standards – employing threat quantification using data. Threat actors are poisoning the data intentionally. Data poisoning is a type of cyberattack where threat actors manipulate or corrupt the training data used to develop artificial intelligence (AI) and machine learning (ML) models.
Another speaker outlined the dangers of objective and subjective data gaps. Data gaps are missing or incomplete data sets, while biases arise from unrepresentative data. TTPs, malware, and threat actors can exploit these gaps.
One panellist explained how they use their claims datasets. They see some very useful information from their data of 1400 claims which gives them the edge over third parties including the cyber impact factors: length of outage, the reason for a Business Interruption. Their business has a cyber incident management team, which provides claims correlation analysis. According to this panellist, it is about "better intelligence, not more intelligence. It has to be quantifiable."
UK cyber insurance penetration for all business is currently 10%. The percentage figure rises to 50% for FTSE 100 companies and then falls to 16% for FTSE 250 businesses. The audience was told that BI solutions could improve the take up going forward.
The SME market needs to wake up, particularly the Small business in the SME acronym. According to panellist Vijay Rathour who has helped to write a report for the ABI report, small businesses will go bust with no cash flow. Small business must also prove to big companies that they are safe to do business with, from a digital connection and supply chain perspective.
A three-day outage in a month is 9% of monthly income so no cash flow means you can’t pay employees. The market is therefore looking to the SME sector to grow the customer base. Parametrics could be the ultimate solution for SMEs, as it gives the customer clarity.
The key takeaways are that the market must understand the underlying data to help reinsurers manage capital allocation. This can be done though structures providing better risk quantification throughout the capital value chain. New threat intelligence must be used to close the protection gap. Clients remain uninsured at lower SME level and the market must up its game here, perhaps looking to parametric and BI solutions to develop new business.
The volatile state of today's geopolitics, and greater digital and supply chain connectivity are major problems fuelling deeper and wider exposures so how do we adequately insure businesses when clients are still driven by price? The audience was told that it must "explain the benefits, not the coverage." Cyber-attack events such as CDK and CrowdStrike show the need, but we must be more aware of these accumulations and we need a cyber version of RMS, was the concluding remark.
