Skip to main content
main content, press tab to continue

Market update: GB cyber insurance

Q1 2024

May 08, 2024

Our GB Cyber Insurance team provide their insights on market trends, placements, policy coverage, claims, and incidents from Q1 2024.
Cyber Risk Management|Financial, Executive and Professional Risks (FINEX)

This is a quarterly update of the GB cyber insurance market in Q1 2024, providing analysis and insights for buyers and stakeholders, covering market trends, pricing, capacity, coverage, claims, and notable cyber incidents, and highlighting favourable conditions and opportunities for cyber insurance purchasers.

How to utilise these insights

Key observations from Q1 include:

  • Enhanced buying conditions: The quarter witnessed exceptionally favourable conditions for purchasers. The cyber market saw substantial improvements in rates and pricing, alongside a diverse array of policy options becoming available.
  • Increased market capacity: There was a significant persistence of capacity which fuelled highly competitive market conditions, continuing the trend from the latter half of 2023.
  • Significant pricing reductions: Clients commonly secured substantial pricing decreases, with double-digit reductions continuing to be the norm, echoing the trends observed in the second half of 2023.
  • Expanded policy coverage: Coverage for risks such as supply chain business interruption has become more available and increasingly sought after by clients.
  • Flexible underwriting: Insurers demonstrated a greater readiness to provide quotes with less comprehensive underwriting information compared to previous years.
  • Systemic risk events: A notable systemic event related to the supply chain occurred, potentially leading to a significant volume of cyber insurance claims from affected organisations. Further details on this are provided in the document.

Cyber insurance market trends

Q1 2024 saw very strong competition from insurers to deploy capacity on both primary and excess layers. Such market conditions have provided existing cyber insurance buyers with a range of options to purchase increased policy limits.

During Q1, established global cyber insurer Brit launched their “Cyber First50” offering, with capacity of up to USD50m, which has been developed to serve large institutional clients.

USD10m remains a more common average amount of capacity offered per insurer, with some insurers now offering limits/capacity more than USD10m.

WTW’s CyXS facility continues to serve new clients during Q1 with some existing clients increasing CyXS limits and/or utilising the automatically available CyXS Restore (reinstatement) function.

The CyXS facility is now able to offer limits of up to USD/GBP75m and can also now offer Cyber Property Damage cover, both of which will offer further risk transfer options to our clients.

WTW is very proud to unveil our International CyCore Facility (ICF) aimed at international clients headquartered outside of GB and US, offering primary capacity of up to USD 20 million (Or CCY equivalent) in primary coverage with a single lead insurer.

Premiums and self-insured retentions

Double digit premium reductions were often available during Q1 2024; however, this is not the default position and was influenced by several factors, particularly the existing premium level.

There were exceptions to these trends, such as placements where risk controls were perceived as insufficient, there has been claims activity, or increasingly where the current pricing was inadequate if such a discount in premiums was granted. We are seeing some insurers (including incumbents) walk away from business due to their concerns regarding price adequacy, a trend which we are monitoring closely.

In terms of self-insured retentions, insurers have generally been willing to provide alternative lower options/structures, particularly where this mitigates the level of premium reduction (trading a lower retention for a more modest premium reduction).

Overall, the cyber insurance market during Q1 2024 was a very favourable environment for buyer and thus now is a great time for new cyber insurance buyers to benefit from these conditions.

Policy coverage

During Q1 WTW had a new war exclusion approved by the Lloyd’s Market Association (LMA), which has provided a meaningful new option for our clients across the globe already, owing to its straight-forward structure and language.

Coverage for supply chain business interruption risk has remained a key area of focus for our clients during Q1 2024, against a backdrop such supply chain events continuing to surface in the public domain.

By way of an example, the February 2024 cyberattack on the US billing and payment colossus Change Healthcare highlighted such supply chain risk and chokepoints. The ransomware attack on the US’s largest clearinghouse, which handles a third of all patient records, had widespread effects. Fixes and workarounds have alleviated some distress, but providers are still unable to collect billions of dollars in payments. Many smaller hospitals and medical offices are still having trouble getting paid more than a month after Change was first forced to shut down many of its systems.  For more insight into this incident please see our Client Alert.

Claims and notifications

The recently published WTW 2024 Cyber Claims Analysis report notes various insights such as:

  • Increased number of ransomware notifications in 2023 compared to 2022.
  • Ransom demand payments reflect less than 20% of the total cost elements of a ransomware incident, with business interruption costs well out in front at more than 50% of the cost elements.
  • Beyond a ransom payment the wide-ranging impact of ransomware incidents results in a further 11 cost elements such as Increased Costs of Working, Legal Costs & Legal Costs

Several other high-profile incidents occurred in Q1 2024, such as:

  • this is an image

    Bank of America data breach

    About 57,000 Bank of America customers are being warned that their personal information may have been exposed during a November cyberattack on bank service provider Infosys McCamish Systems, impacted customers were only made aware in February 2024 – another supply chain risk.[1]

  • this is an image

    Microsoft nation-state attack

    Microsoft’s security team detected a nation-state attack on their corporate systems on January 12, 2024. Microsoft identified the threat actor as Midnight Blissard, the Russian state-sponsored actor, who accessed some Microsoft corporate email accounts, including members of their senior leadership team and employees in their cybersecurity, legal, and other functions, and exfiltrated some emails and attached documents.[2]

  • this is an image

    Change Healthcare Ransomware Attack

    An impact on the clearinghouse resulting in the delay in payments running into billions of dollars and widespread impact to care providers and patients across the United States.[3]

If you have any questions about our Q1 2024 GB Cyber Insurance Market Update, then feel free to reach out to your WTW broker or our contacts below.


  1. Bank of America Customers Left In The Dark About Data Breach For 90 Days Return to article
  2. Microsoft Actions Following Attack by Nation State Actor Midnight Blizzard Return to article
  3. 4 Things You Need to Know About Health Care Cyberattacks Return to article

Head of Cyber & TMT Broking (UK) FINEX GB

Global FINEX Cyber Strategy Leader


Cyber Risk Management

We take a three-step approach toward helping our clients evaluate and manage their cyber risks

Contact us