Cyber insurance premiums drop for first time, new report finds

Dive Brief:

• Cybersecurity insurance premiums declined 2.3% year over year to roughly $7.1 billion in 2024, according to a new report released on Monday by credit rating agency AM Best.
• Meanwhile, cyber insurance providers’ loss ratio — the proportion of premiums they use to pay out claims — remained below 50%, indicating that the market remains profitable.
• AM Best offered several possible explanations for the slight premium decline.

Dive Insight:

Last year’s decrease in the premiums generated from cyber insurance represents the first such decline since the National Association of Insurance Commissioners began collecting data in 2015, according to AM Best’s report. But according to the credit agency, the drop was “driven more by pricing changes than any changes in [risk] exposure.” 

Cyber insurance prices decreased by 1.6%, on average, in the second, third, and fourth quarters of 2024, according to Council of Insurance Agents and Brokers data that AM Best cited.

“That the premium decrease is close to the pricing decrease indicates that the demand for cyber insurance is steady,” AM Best’s report said.

Another possible explanation, according to the company: Some large businesses may be creating their own subsidiary, aka captive, insurance companies and using those to manage their cyber-risk exposure, a practice known as self-insurance. Companies using these self-insurance arrangements don’t report data to the NAIC, possibly contributing to data showing declining premiums. “Organizations that have strong cyber hygiene and historically good loss experience are finding it more beneficial to pay their own captive, keeping the money under the same parent, thus keeping the benefit of their own good experience,” AM Best said. 

The top five cyber insurers by annual premiums remained unchanged in 2024 from the year prior, with Chubb maintaining its top ranking, Fairfax Financial holding onto third place and Travelers Group jumping from fourth to second. The Hartford, Erie and Berkshire Hathaway held the most policies.

Third-party risk represents a serious emerging challenge in the cyber-insurance marketplace, AM Best said, as companies with complex webs of third-party vendors face diverse and difficult-to-manage cyber risks. Those companies may find it difficult to collect insurance payouts from losses related to vendor breaches, in part because they may fear damaging their relationships with those vendors, according to AM Best. “Part of a good cyber hygiene strategy should include due diligence on third-party vendors and anticipation of such scenarios.”