According to new analysis by S&P Global Ratings, cyber re/insurers face pricing pressure and increased competition in mature markets, especially the US, although growth opportunities exist in under-penetrated regions and from small and mid-sized enterprises.
The rating agency’s latest cyber market survey notes that cyber insurers utilise substantial reinsurance, with primary insurers ceding about 44% of premiums to reinsurers in 2024, on average.
S&P states that reinsurance is a cornerstone of stability in the cyber insurance space, highlighting how large-scale cyber events, such as global ransomware attacks or widespread data breaches, can generate losses that far exceed the capacity of a single insurer.
Therefore, by ceding part of their portfolio to reinsurers, insurers can diversify risk, protect their balance sheets, and maintain the financial stability needed to offer higher-limit and more comprehensive policies.
Additionally, reinsurers provide valuable expertise in modelling and assessing cyber threats, notes S&P. Without reinsurance, many insurers would struggle to write large or complex cyber policies, limiting market growth and the ability to respond effectively to catastrophic cyber events.
As per the report, cyber reinsurers have proven increasingly willing to assume risk as cedents have improved their underwriting discipline, technical underwriting capabilities, and risk controls. The shift towards excess of loss treaties, which avoid routine attritional losses, has also helped reinsurers to reduce their combined ratios.
This combination of factors led to net combined ratios of 88% for 2024 and 89% for 2023, down from 99% in 2022 and 104% in 2021, a trend expected to continue in the future, according to S&P.
S&P also believes that the cyber reinsurance market is in the early stages of becoming a maturing sector. This evolution underscores increasing sophistication, with reinsurers not just backstopping premiums but acting as active partners in helping insurers navigate the complex, fast-moving landscape of cyber risk.
Most affirmative cyber insurance is still ceded to reinsurers on a stand-alone, proportional basis, typically through quota share arrangements. In 2024, quota share accounted for about 76% of total reinsurance risk transfer.
Further, the cyber reinsurance market has also adopted non-proportional structures, including aggregate excess of loss and stop loss, catastrophe, event and occurrence-based structures and catastrophe bonds.
However, S&P warns that some cedents may question the value of non-proportional treaties, needing them to demonstrate their value and the attachment points, and to prevent cedents from increasing self-retention.
S&P said, “There may be pressure for reinsurance contracts to expand the working layers to more frequently capture losses that sit below current attachment points. While this could improve value for cedents, reinsurers may be reluctant to adopt that approach given the rapid evolution of cyber risk. The expansion of coverage limits, further rate reductions, or an easing of policy terms could quickly undermine cyber insurance’s profitability.”
About the Author
