H1/2021 Suggested Reading: Cyber Insurance Market undergoing massive transformation; Reports by Coalition, Howden, Verizon DBIR

After the surge of cyber crime during the COVID 19 pandemic, spearheaded by a surge in ransomware attacks, the renewals on January 1st 2021 were the by far most anticipated in the history of cyber insurance. With year-over-year price increases of roughly 30% across the board on 1/1 (), the market has indeed entered a heavy adjustment phase.

With now more than 6 month after the renewals, and the 2022 renewals also looming, we want to provide you with the recently released reports.

Coalition Claims Report H1/2021

Integrated Cyber Insurance managing general agent (MGA) and cyber security service/platform provider Coalition has released a detailed report on the claims it saw for its almost 50,000 policy holders ().

The most important takeaways for its own portfolio were:

  • Cyber crime is increasing like never before. Business email compromise (BEC) incidents led the way with the frequency of reported incidents up 51% year-over-year.
  • Ransomware is growing in severity. The average ransom demand made to our policyholders in the first half of 2021 was $1.2 million, a nearly 170% increase from the average demand in the first half of 2020. As the business impact of ransomware attacks has grown, so too has the leverage of criminals to demand larger ransoms. This has also made smaller businesses more attractive targets than they once were.
  • Criminals are taking advantage of dislocations in how we work. The increase in remote work has meant fewer in-person interactions, more electronic funds transfers, and more opportunities for criminals to exploit changes in operational processes undertaken by many organizations in response to COVID-19. The average amount of funds stolen increased 179% from the first half of 2020 to 2021, from $116,842 to $326,264.
  • The number of organizations with remote access protocols and tools such as Microsoft Remote Desktop enabled when they applied for insurance nearly doubled from the first half of 2020 to 2021. The rate of policyholders who experienced a claim due to exposed RDP also increased from 29% to 40%, and the severity of these incidents increased by 103%.

In addition to analysis of their own portfolio, the Coalition report also features a great overview of market wide stats, case studies of incidents, and a breakdown of ransomware demands by maleware type.

Howden Report: Cyber Insurance – A Hard Reset

The recent report by the Howden Group in conjunction with KELA, kovrr, and WireX Systems, provides valuable insights into the current cyber insurance market (). Besides the mentioned increase in prices by about 32%, some key takeaways of the report are:

  • 92% of Brokers in Q1 reported an increase in demand for cyber insurance and 72% a decrease in available capacity, indicating a massive imbalance between supply and demand. Besides price adjustments, these will likely lead to a tightening of cyber security requirements.
  • The cyber insurance niche still grows faster than the overall P&C insurance market, with compounded annual growth rates of about 25%ish.
  • The report also provides insights into the non-US markets for cyber insurance, for which data is quite scarce.  The cyber loss ratio for the French market was estimated at 167% (!), noting that four large claims were responsible for the escalation of damages. At the same time, 87% of large companies in France have a cyber insurance policy in place, compared to only 8% of mid-sized companies, indicating that the potential to grow especially in the SME market is still a worldwide opportunity.

Verizon DBIR 2021 Report

Not report on a cyber insurance per se, the Verizon Data Breach Investigation Report has in its now 14 iteration provided data on cyber incidents for over a decade and is a stable of the empirical literature of cyber crime ().

Following the VERIS framework, the Verizon team analyzed 79,635 incidents, of which 29,207 met their quality standards and 5,258 were deemed confirmed breaches.  Among the key findings of the report were:

  • 85% of breaches involved a human element in the attack
  • 80% of incidents were financially motivated
  • 90% of hacking incidents were facilitated through web applications


Daniel Kasper

Daniel Kasper is the principal of Cyber Economics.