# Cyberattack Surge Creates Opportunity for Insurers, Prompts Rethink on Premiums
A recent surge in high-profile cyberattacks is presenting a significant opportunity for insurers, including Munich Re AG and Chubb Ltd., to capitalize on the rapidly expanding market of cyber insurance.
The global cyber insurance market is expected to reach $16.3 billion by 2025, up from $15.3 billion in 2024, according to Munich Re. Global premium volume is anticipated to more than double to around $30 billion by 2030, growing at an average annual rate of over 10%. This surge in demand is largely driven by the increasing number of hacking crimes, with technology consultant Cyber Security Ventures estimating that a staggering $9.5 trillion was lost globally in hacking crimes in 2024.
The latest victim of a cyberattack is Marks & Spencer Group Plc, which faced a £300 million ($405 million) hit to operating profit this year due to the disruption caused by the hack. The company's shares plummeted after the attack, and it still grapples with the fallout. However, Beazley Plc, a pioneer in cyber insurance, saw a short-term increase in demand for coverage following the M&S hack.
"When high-profile breaches happen, shareholders start asking questions," said Sydonie Williams, the company's head of international cyber risks. "There was a sense of 'that could have been us.'" Cyber insurance products became a key growth driver for insurers from around 2019 or 2020, fueled by a spike in ransomware attacks by for-profit criminal gangs and the world's growing digitalization.
The scale of M&S's setback is likely to provide an incentive for other businesses to buy cyber insurance, and those with policies to check that their existing cover is adequate. Bloomberg Intelligence analysts Kevin Ryan and Charles Graham said, "A claim of this scale will attract intense scrutiny from insurers." While it "might not trigger an immediate hike in premiums across the board, it'll likely contribute to an upward trend."
Beazley and Allianz SE are among insurers on the hook for the British retailer's claim. According to CityAM, "What we always saw across the industry was that after a major attack, whether it’s covered or not by the insurers, the demand for cyber insurance would increase," said Abid Hussain, an analyst at Panmure Liberum.
"This is perverse, but it almost acts like a marketing tool to actually buy some cover," said Hussain. "We're at an inflection point across the industry where they need to work out whether the premiums are adequate." There's going to be another step change, either in the policy wording or in the premiums, or both."
Gross written premiums at Beazley's cyber risks unit are seen growing 67% over the next five years, Bloomberg estimates show. Cyberattacks remain the most pressing concern for risk-management experts, Allianz data shows, suggesting hedges against it may become more mainstream soon.
However, there remains a disconnect between cyber risk awareness and investment in cybersecurity insurance coverage. Less than half of companies in the FTSE 100 have a cyber policy, and that drops to below 10% for small- and medium-sized enterprises, Beazley's Williams said. Beyond the UK, 87% of C-level respondents consider their organization's protection to be inadequate, a global survey by Munich Re found.
"There's a tension between affordability and the desire to buy it," Panmure Liberum's Hussain said. "If you think there might be a global recession coming and people are tightening their belts, they will rightly or wrongly pull back on insurance coverage."