Why the Cyber Insurance Market is Surging

Cyber insurance is no longer a niche insurance product; it's now one of the fastest-growing segments in commercial insurance. From the high-profile cyber attack on Marks & Spencer to a steady stream of ransomware incidents affecting businesses of every size, organisations are waking up to the very real financial and reputational risks of cyber threats. And the insurance industry is responding in kind.

According to data published by Insurance Times , the UK cyber insurance market surged by over 33% between 2022 and 2023, reaching £251m in gross written premiums last year. And this is just the beginning.

As cyber threats become more sophisticated and public, demand is growing not only in volume but also in complexity, with organisations wanting more from their c ommercial insurance solutions.

The high-profile hacks fuelling demand.

In June 2024, Marks & Spencer confirmed a data breach in which thousands of employees' personal details were stolen via a third-party supplier. It followed a string of similar incidents affecting everyone from the BBC to British Airways. These aren't small businesses being targeted; instead, they're global names. And when high-street brands fall victim to cyberattacks, it sends a signal to the rest of the market: no one is immune.

Cyber criminals are no longer just focusing on enterprise-level targets or financial services. Manufacturing firms, charities, healthcare providers and education institutions are now firmly in the firing line. The diversification of attacks from ransomware to supply chain breaches is forcing a rethink across the board.

Growing premiums and more complexity

While rising premiums are partly a response to increased claims activity and loss ratios, the growth also reflects a shift in awareness. Businesses that once viewed cyber insurance as a 'nice-to-have' are now placing it at the heart of their risk management strategy.

However, it's not just about writing more policies. The nature of cover is changing too.

According to an Insurance Times article, the UK cyber insurance market has recorded double-digit growth for three consecutive years. SMEs and mid-market organisations now make up a significant share of new business. At the same time, insurers are adopting more comprehensive underwriting models, which often require firms to prove a certain level of cybersecurity maturity before they can be covered.

How can insurers adapt?

This is a pivotal moment for insurers and MGAs alike. On one hand, there's strong market potential and a clear customer need. On the other hand, cyber insurance requires a different approach to risk assessment, underwriting, and claims management.

Many traditional risk models weren't built for today's cyber threat landscape. The nature of cyber attacks, which are now fast-evolving, hard to predict, and often systemic, means insurers must invest in real-time threat intelligence, better data sharing mechanisms, and ongoing monitoring of cyber hygiene.

Product innovation is also on the rise. Some insurers are bundling cyber coverage with value-added services, such as access to cybersecurity consultants or incident response teams. Others are exploring modular policies that allow clients to tailor cover to specific risk profiles.

As the market matures, we can expect continued investment in both underwriting and insurance software . Additionally, AI and automation will play a growing role in everything from policy issuance to fraud detection. And as more organisations realise that cyber threats are not just an IT problem, but a boardroom issue, the appetite for cover will only increase.

But with increased opportunity comes increased responsibility. The industry must ensure that pricing remains sustainable, products remain relevant, and policyholders are adequately protected. Education, transparency, and collaboration will be key to success.