Cyber insurance is experiencing a prolonged “moment of frustration.” Insurers face volatile cycles, pricing pressures and inconsistent growth.
A recent report by Munich Re found the global cyber insurance market totaled $15.3 billion in 2024, and is expected to reach $16.3 billion by the end of 2025. Although these amounts are substantial in an absolute sense, the 2024 market valuation represents less than 1% of the global premium volume for property and casualty insurance in 2024.
Market stagnation stems from systemic constraints, not lack of intent or effort. Breaking free requires more credible, bottom-up data and smarter technology partnerships. The cyber insurance market remains a relatively untapped growth opportunity for insurers, with many businesses underinsured or not insured at all for cyber risk.
Why insurers feel stuck
There are four primary sources of frustration for cyber insurers.
Inconsistent and unstable market cycles: Pricing volatility undermines planning and portfolio management. Cyber, thus far, behaves unlike property/casualty and swings more dramatically. Cyber insurance pricing is impacted largely by the loss experience of specific industry sectors; as one Canadian insurance broker explains, “Segments with a high frequency or severity of claims are seeing steep increases in premiums, with some renewals experiencing hikes of 100% to as much as 300% or 400%. On the other hand, sectors with minimal claims are benefiting from substantial decreases, with premiums being reduced by up to 50% in some cases.”
Broker strain and limited reinvestment capacity: Thin margins reduce the ability to scale advisory services. Cyber brokers are stuck in a cycle. Their clients always prefer better terms and conditions (pricing, retention, coverage wording). But that requires a broker to work hard in negotiations with insurers. Because brokers often earn commissions based on the premium paid by their client, their revenue goes up and down with market conditions for pricing. Right now, pricing is down, and so too are revenues for the brokers who are also working harder on each deal. The ultimate result is that brokers lack the time, margin, and other resources to invest in solutions and services that would improve their efficiency – or expand cyber risk advisory capabilities. Until that cycle is broken, the model’s at risk, and innovation will stall.
Underwriters constrained by legacy data and outdated applications: Reliance on assumptions rather than actuarial-grade inputs. Securing capital or reinsurance requires a structured approach and standardized data that validates safeguards necessary to manage claims effectively.
Stagnant top-line growth: There is a danger that pricing compression might outpace new buyer growth, as commented recently by top cyber insurers. However, the cyber insurance market is still largely a white space, with most businesses being underinsured or not insured at all.
Why innovation is stalling
Insurers are inundated with technology vendors promising automation, improved cyber risk evaluation and visibility. Many tools produce opaque or low-value outputs, creating reputational risk. Decision-makers are exhausted by evaluating overlapping or unproven solutions.
Cybersecurity vendors also feel frustrated, struggling with long, inconsistent insurance sales motions. The net effect is that mutual friction slows adoption, experimentation and innovation.
What’s more, cyber insurance is still divorced from day-to-day security reality. Ambiguous and inconsistent insurance application questions aren’t aligned with how cybersecurity teams operate or document controls. For example, many cyber insurance applications ask whether multifactor authentication (MFA) is enabled, and for cybersecurity, that question touches dozens of systems, if not more. You might have MFA on your email system and nothing else, which is an obvious defense weakness.
There’s now a temporal mismatch between underwriting and real-world cybersecurity. The current paradigm is annual renewals, but companies face a continuously changing security posture. The purpose of cybersecurity is to inform and guide a business on how to mitigate risk. Insurance is one method of financial mitigation (risk transfer), so it’s one tool in the toolbelt.
Ideally, investing in cybersecurity helps you arrive at an acceptable level of risk, but if you don’t want to (or can’t afford to) implement technology to get there, you can “buy down” your risk by transferring some to a third party. So, large companies are likely fine with annual insurance contracts because they purchase large amounts of insurance. Conversely, small and medium-sized businesses face risk exposure changes, which could require more insurance than they purchase and call for a more dynamic product, like monthly contracts.
Another issue is fragmented and unverifiable enterprise data; dozens of tools yield inconsistent or siloed posture reports. Organizations juggle an average of 83 different security solutions from 29 vendors.
There’s no standardized, granular and verifiable data about a company’s cyber posture, similar to the detailed, standardized data used in property engineering (like physical inspections and building codes) for insurance. Cyber lacks standardized, ground-truth data collection or validation. The result is that underwriters know they are slightly “off” but lack the inputs to correct the course.
Better data structure will unlock capital efficiency and growth
Insurers require standardized, field-level data, not more noise or larger questionnaires. Continuous, verifiable evidence strengthens:
- Actuarial modeling and portfolio analytics.
- Reinsurance negotiations and capital efficiency.
- Accuracy in underwriting and reduced accumulation risk
Better data enables insurers to expand coverage, reach new buyers and reduce uncertainty. Collaborative partnerships with cybersecurity vendors and data providers unify fragmented information.
Gaining momentum, not frustration
The cyber insurance sector is facing its “moment of frustration,” as insurers struggle with prolonged market cycles, downward pricing pressure and limited capacity for innovation. The forces behind that frustration include brokers unable to reinvest in growth, underwriters constrained by outdated data models, and the toll of “vendor fatigue” as insurers wade through a sea of tech solutions that still need to deliver compelling return on investment. Moreover, tech and cybersecurity vendors are also frustrated; they are accustomed to moving quickly and struggle to understand why insurance “motions” tend to stall. Better, field-level data structures and smarter partnerships can unlock capital efficiency and restore momentum to a stagnant market.
The progress achieved through the use of modern technologies, especially machine learning and AI, will enable a greater ability to analyze cyber risk. This, in turn, will result in increased engagement of capital markets in contributing to the overall cyber resilience of the digital economy through relevant and innovative insurance coverages.
About the Author
Max Perkins is Head of Insurance Solutions and COO for Spektrum Labs, an AI-first cyber resilience company that provides agents and tools to reduce the time, cost, and complexity of maintaining provable and effective security and insurability. Spektrum unifies the disconnected domains of cybersecurity, backup, and insurance into one continuous, automated system. By fusing these traditionally disconnected areas, Spektrum enables businesses to prove and maintain continuous resilience—from preventing cyber threats, to instant recovery, to securing financial coverage—all in one place. Spektrum unlocks resilience, automating and verifying the connection between security and insurance, so businesses can recover faster and protect their future.
Prior to joining Spektrum, Max’s professional career had been focused on insurance and risk management with particular expertise in intangible boardroom risks such as cyber, privacy, and intellectual property, and the overall impact of technology on business. Max was head of Strategy & Innovation for AXIS Capital’s Cyber & Technology underwriting division, where his responsibilities included risk capital management and leadership in launching the world’s first securitized 144a Cyber Cat Bond. Prior to joining AXIS in April 2020, he was an insurance broker at Lockton Companies and an underwriter at AIG, CHUBB and Beazley – operating both in the US and London markets.
Max and his family reside in Durham, North Carolina. He is a member of the Board of Trustees at Duke University and is the President-Elect of the university’s Alumni Board. Max is also a member of the Emily Krzyzewski Center Board of Directors, an educational access nonprofit.
Max can be reached on LinkedIn and at https://spektrum.ai.
