By Aidan Gregory

March 21 - (The Insurer) - S&P Global expects the cyber insurance market to reach $23 billion of annual premium volume by the end of 2026 with improved risk modelling, wider availability of cyber reinsurance and large-scale cyber events like CrowdStrike and WannaCry driving an expansion of capacity.

In an interview with The Insurer on Friday, Ronald Joas, managing director at S&P in New York, and London-based credit analyst Charles-Marie Delpuech said that the rating agency expects the exponential growth of the segment to continue, aided by an increasingly sophisticated cyber catastrophe bond and ILS market.

The cyber market remains a small but fast growing corner of the specialty insurance market. Premiums reached $14 billion in 2023 and are expected to rise by around 15% to 20% a year to reach $23 billion by the end of 2026, according to S&P’s cyber risk insights report published last week.

“We've seen a fair amount of growth on the primary side,” said Joas. “You have insurance companies that have been providing coverage in this area. They certainly started off fairly cautiously in terms of what coverages they were providing. That said, I think you can see that from a primary perspective, it's moving towards maybe greater comfort with providing those coverages.”

The rapid growth of the market has brought with it challenges. The increasing frequency of cyberattacks is expected to continue, particularly with the adoption of AI technologies, and such risks are notoriously difficult to model compared with other perils as they are caused by threat actors with unpredictable behaviour and intentions.

Rapid cyber premiums growth also created the need for insurers to syndicate their cyber risk beyond traditional reinsurance, leading to the establishment of the cyber catastrophe bond market over the last couple of years. Since January 2023, there have been 10 cyber cat bonds issued from five cedants which raised a combined $800 million, according to S&P.

“It's evolving into the financial markets,” said Joas. “This is another way of providing that reinsurance capacity, and in a way that provides a scalable capital base."

“Cyber risk is not going to go away,” added Joas. “If anything, it's going to increase exponentially over the coming years.”

The sustained growth and evolution of cyber reinsurance is critical to smoothing the rapid growth of the market over the years and servicing the needs of both carriers and customers.

“For the market to grow, you need the reinsurance market to grow,” said Delpuech. “More than 50% of the cyber insurance premium is reinsured. So, you need the reinsurance to grow. At the same time, ILS will provide this capacity as well. It’s a very symbiotic relationship.”

As well as reinsurance capacity, improved risk modelling and data disclosure is also critical for laying the foundations for the cyber market’s growth in the coming years as it will enable investors to become more comfortable with the opaque nature of cyber risks.

“The caution that we’ve seen is in no small part due to the companies trying to get a feel around what the exposure is, what the risks are, how to measure it, how to risk manage it, how to develop the capacity for it, who in the reinsurance market is willing to pick it up, and what other sources of capacity are there,” said Joas.

Joas added that risk modelling in the cyber market was still in its infancy compared to the natural catastrophe market for example, which has been around for several decades and is now well established.

“The modelling there is fairly well understood, even taking into consideration changes, for example, like climate change,” said Joas. “So, that all gets baked in, but the modelling is still well understood, if not standardized. You can't really say the same thing about cyber-ILS. It is still very new.”