UK cyber rates down 12% YOY amid capacity glut; further decreases expected: Marsh

Cyber insurance rates for Marsh’s larger UK clients fell, on average, by 12% in the first quarter of 2024 compared to the year-ago quarter, and further rate decreases are expected in upcoming quarters.

The cyber market became “increasingly buyer-friendly” in the first quarter of 2024, with an abundance of capacity and intense competition among insurers driving rate decreases, Marsh said in its first-quarter round-up of the sector. 

This was the second consecutive quarter the market experienced double-digit rate reductions. 

Most clients (74%) experienced premium decreases in the quarter, while 6% saw their premium unchanged and 21% paid more premium, Marsh said. There were limit increases across all sectors, by the largest limit increases were seen in the retail/wholesale sector, which saw limits rise by 24%.

With “fierce” competition in the primary sector, further rate decreases are anticipated, on both a primary and excess basis. 

Rising threats

The broker described described appetite for cyber risk among insurers in the first quarter as somewhat paradoxical, noting that cyber threats have remained significant and persistent, with large numbers of ransomware and privacy losses.

In the first quarter of 2024, it received a “flurry” of notifications including malicious exploits of zero-day vulnerabilities and ransomware incidents which continued to be financially burdensome. 

The development of Artificial Intelligence (AI) contributed to a heightened threat landscape, with, for example, the increased sophistication of social engineering. One deepfake scam recently resulting in a duped payment running into the tens of millions of pounds, Marsh noted. The broker expects a rise in incidents leveraging this type of technology. 

“We are likely to see an increase in phishing emails and business email compromise, as threat actors leverage generative AI, which can automate the process of sending phishing emails, personalise emails, and generally make them more sophisticated,” said Holly Waszak, head of cyber claims advocacy for Marsh UK. “For example, as many phishing emails no longer contain spelling or grammatical mistakes, people are failing to spot them.”