The commercial cyber liability insurance market will likely grow dramatically over the next several years, according to industry sources.

Some see a doubling or tripling of gross written premium in the next decade, driven by larger organizations seeking higher limits and greater penetration among small and medium-sized enterprises.

The growth is being fueled by established insurers increasing line sizes and new entrants adding capacity to the sector, sources said. The sector also tapped the capital markets for the first time in late 2023, through the issuance of insurance-linked securities, or cyber cat bonds (see related story below).

Gallagher Re, the reinsurance business of Arthur J. Gallagher & Co., estimates the global cyber insurance market will end 2024 at about $14.8 billion, having grown from $13.1 billion in 2023, said Jasper Goring, New York-based head of cyber reinsurance, North America, for the reinsurance broker.

“No one has the exact same data, but virtually everybody’s data does show the market getting bigger,” Mr. Goring said.

“The market will carry on growing to a $20 billion, $25 billion, $30 billion-plus global cyber market,” with the timing of that growth more difficult to forecast due to “external forces that are impossible to predict,” such as macroeconomic factors, he said.

San Francisco-based CyberCube Analytics Inc. recently projected that the U.S. stand-alone cyber insurance industry would grow to at least $45 billion in premium over the next 10 years, “but it has a capacity to grow substantially larger than that,” said CyberCube CEO Pascal Millaire.

In the near term, the global cyber market is forecast to reach almost $20 billion in 2025 and $29 billion in 2027, according to Munich, Germany-based Cyrus Delarami, underwriting manager, corporate underwriting cyber, at Munich Reinsurance Co.

Munich Re pegged the 2023 market at approximately $14 billion, meaning the market could roughly double over the next three years, according to the reinsurer’s estimate. Premium is heavily weighted toward the U.S., which accounts for about 70% of global cyber premium, followed by Europe, Mr. Delarami said.

Penetration rates across Asia and the rest of the world are substantially lower, most sources said, posing a potential opportunity for growth.

While the commercial cyber insurance sector is still dwarfed by the rest of the commercial property/casualty business, “We know that we have to do something about it because it’s one of the biggest risks that we are facing as a society,” Mr. Delarami said.

Growth could come from increased penetration among small and medium-sized enterprises, said Michael Phillips, New York-based U.S. cyber practice leader, at specialist insurer CFC Group Ltd.

CFC estimates penetration rates could be as low as 10% among SMEs, he said. Increased focus on products designed specifically for the segment should lead to more traction.

At the other end of the market, large cyber insurance buyers continue to add limits, Mr. Phillips said. Some of the largest buyers of cyber insurance have built $1 billion towers, a threshold that was “mythical for a long time,” he said.

“We have seen many increase the limits that they currently buy for a variety of reasons,” including third-party supply chain risk, Rachel Lavender, Washington-based U.S. and Canada cyber brokerage leader for Marsh LLC, said of the large account segment.

Cyber insurance market capacity is expanding to accommodate the demand, she said.

“We are seeing a continued growth in the supply of capacity with new markets as well as existing markets increasing the level of capacity that they’re offering on any one account,” Ms. Lavender said.

Axa XL, a unit of Axa S.A., established a middle-market cyber unit, said Michelle Chia, New York-based chief underwriting officer, cyber, Americas.

“We must be in the middle market and small, mid-sized space” to create a resilient environment, which will benefit all policyholders due to the highly integrated and connected nature of business operations, Ms. Chia said.

---

New cat bonds expand capacity for insurers

The fourth quarter of 2023 witnessed the birth of the public “cyber cat bond,” as the commercial cyber insurance sector, for the first time, turned to the capital markets for capacity.

The capital provided by these tradeable financial instruments will foster growth of commercial cyber insurance markets, sources said.

“In order for the cyber insurance market to grow and reach its potential, it needs capacity, alternative capacity from the ILS market,” said Pascal Millaire, CEO of San Francisco-based CyberCube Analytics Inc., which models quantitative loss of cyber incidents for insurance industry clients such as insurers, reinsurers — including ILS sponsors — and brokers.

In the fourth quarter of last year, cyber ILS accounted for 7.5% of all issuance, “which is quite remarkable from a standing start,” Mr. Millaire said. “We think we’re just at the very early innings in terms of how large a cyber ILS market could become and, frankly, needs to become, to support the growth of the cyber insurance industry.”

“We think ILS will be a really important tool and source of capital for the cyber market in the future,” said Jasper Goring, New York-based head of cyber reinsurance, North America, for Gallagher Re, the reinsurance business of Arthur J. Gallagher & Co.

“We’ve done a huge amount in the last 18 to 24 months with developing new reinsurance vehicles in order to unlock additional alternative capital. That’s been very much with a view to the future. If the market is going to carry on growing to $20 billion, $30 billion, then we are going to need the alternative capital or a richer menu of reinsurance vehicles that can attract a broader, deeper pool of capital,” Mr. Goring said.

“There’s extraordinary promise in engaging with the capital markets alongside the traditional reinsurance market to make sure that the cyber insurance market as a whole is sustainable for the long term,” said Michael Phillips, New York-based U.S. cyber practice leader at specialist insurer CFC Group Ltd.