After a sharp rise, cyber insurance rates show signs of stabilizing

An uptick in costly cyberattacks led cyber insurance providers to hike their rates in 2021, with standalone cyber coverage premiums increasing an estimated 92% year-over-year, according to industry data.

But a report released Wednesday from a major insurance broker suggests that there is an “increasing sense of cautious optimism” that the sharp rate increases are leveling off, as premiums exceed losses and businesses lower their cyber coverage limits.

The average U.S. cyber price per million, which is used to measure insurance rate increases, peaked in December 2021 and has been slowly declining throughout 2022, according to the report from Marsh.

“Our clients seeking to purchase cyber insurance have endured an incredibly challenging market over the last two years as insurers imposed triple-digit increases across the board, regardless of loss history,” said Meredith Schnur, Marsh’s cyber brokerage leader. “The good news is, this pricing adjustment period seems to be waning. Insurers are more willing today to price cyber coverage on an account by account basis and reward those with strong cyber hygiene.”

High-profile attacks involving SolarWinds, Microsoft Exchange, Colonial Pipeline, Kaseya, Log4j, and others stoked an appetite for cyber insurance in 2021, according to industry experts. Those incidents — as well as increasing losses from routine ransomware attacks — helped fuel the rise in premiums and made cyber insurance the fastest growing product segment in the U.S. property and casualty (P/C) insurance market, according to Fitch.

Although cyber insurance premiums are still increasing, they’re doing so at a far lower rate than in 2021.

The report also found that more businesses are seeking lower cyber coverage limits — likely a result of soaring rate increases over the last two years. Less than 10% of Marsh clients increased their cyber coverage during the first four months of 2022, compared with more than 20% of clients who decreased their limits.

“Faced with the dramatic rate hikes seen in the past 18 to 24 months, many companies have had to make difficult choices and reconsider the levels of risk they can retain, manage, and transfer,” the report said.