IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

Where Next for Government in the Cyber Insurance Market?

Cyber insurance is only getting more expensive, and the market is changing dramatically, with more changes to come. So what trends will drive adoption, rates and the wider future of cyber insurance?

Closeup of a person typing on a keyboard.
Harvard Business Review recently released an article entitled “The Cyber Insurance Market Needs More Money.” Here’s an excerpt:

“Cyber insurance is harder for companies to find than it was a year ago — and it’s likely going to get harder. While cyber insurance is becoming more of a must-have for businesses, the explosion of ransomware and cyberattacks mean it’s also becoming a less enticing business for insurers. The average ransom payment shot up 82 percent from 2020 to 2021. By the middle of last year, the number of ransomware attacks was up more than 150 percent over the entirety of 2020. And this has had direct implications for the insurance industry: The uptick in attacks — and payouts — has meant steeper losses for insurers and dulled their appetites for this emerging and often volatile class of business.”

Indeed, many of the state and local government leaders I have spoken with over the past several months said their costs have doubled and amount of cyber insurance coverage has been cut — sometimes by as much as 50 percent.

Other public- and private-sector organizations have decided that they can no longer afford cyber insurance, which creates new risks when policies are cut.

Ukraine Conflict Raises More Questions

Meanwhile, the current Russian war with Ukraine has raised new concerns regarding cyber insurance. Consider these headlines:

Cybersecurity DiveUkraine war tests cyber insurance exclusions”:

“The Russian invasion of Ukraine will put significant pressure on the global cyber insurance market as malicious attacks by state-linked threat actors create risk for multinational companies, critical infrastructure providers and government targets with data loss and business disruption. …

“The Ukraine conflict could place pressure on global supply chains and commodity prices, squeezing the insurance industry, according to a report from AM Best released last week. The conflict could raise the risk of a systemic cyberattack and lead to higher prices in an already hardened market.”

Fitch RatingsRussian Cyberattacks May Test Insurer War Exclusion Policy Language”:

“The Russian invasion of Ukraine has increased the risk of cyberattacks and potential claim costs for property/casualty (P/C) insurers globally that offer cyber coverage, the majority of which is underwritten in North America. Such attacks may also further test the effectiveness of ‘war exclusion’ and
‘hostile act exclusion’ language, which has come under greater scrutiny following a recent court ruling that found an insurer liable for losses stemming from the 2017 NotPetya malware attack. Nonetheless, larger insurers have taken significant pricing and underwriting actions in response to rising cyber claims in recent years, including tightened contract language, which should help mitigate underwriting losses in the current uncertain environment.”


The last few years have seen a surge in cyber incidents leading to financial losses, with 2019 being a year in which ransomware disrupted state and local governments, and 2020 being even worse as the pandemic led to more data breaches.

In 2021, ransomware disrupted infrastructure and brought down public and private networks as never before. These dramatic increases in cyber attacks have forced changes by insurers.

Consider these articles for examples of how the insurance industry is adapting to this new environment:

And yet, cyber insurance is not going away. This global news release states that the cyber insurance market is still set to grow dramatically over the next few years.

Here is a January 2022 headline: “Cyber Insurance Market to Register Stunning CAGR of 25.3% during 2021-2028| Cyber Insurance Industry, Size, Share, development by 2028.”


The article from the Harvard Business Review that I opened with suggests that insurance-linked securities, or ILS, may be able to help to grow the cyber insurance market.

Other articles, such as this one from Deloitte, offer additional alternatives.

And yet, as this article from the U.S. Government Accountability Office points out, “both insurers and clients face challenges. For example:
  • “Developing cyber insurance products can be hard because insurers don’t have much historical data on cyberattack-related costs.
  • “Determining what’s covered can be hard for clients because key terms like ‘cyberterrorism’ don’t have standard definitions.”

And I don’t see these challenges being fully resolved regarding cyber insurance anytime soon.
Daniel J. Lohrmann is an internationally recognized cybersecurity leader, technologist, keynote speaker and author.