Cyber insurance is progressing toward maturity, but key challenges remain, according to insights shared during a recent webinar hosted by S&P Global Ratings, a provider of credit ratings, research, and risk analysis.
During the session, titled “The Changing Face of Cyber Insurance,” a panel of S&P Global Ratings analysts and industry experts examined the current state of the market, highlighting developments in coverage, pricing stability, and capital markets engagement.
While the sector has expanded in recent years—benefiting from heightened demand, growing awareness, and product innovation—it remains relatively small compared to more established lines of business and is contending with complex and fast-moving risk dynamics.
S&P Global Ratings notes that stabilisation in premium rates in 2025 is one indication that the market is maturing. However, the sector remains marked by uncertainty as insureds and insurers alike work to understand evolving exposures and identify effective strategies for risk transfer.
The organisation observes that businesses continue to face difficulties quantifying their risk and implementing the necessary controls to determine when transferring that risk to the insurance market is both practical and necessary.
S&P Global Ratings analyst Ron Joas explained that these shifting risk conditions and insurer responses are influencing broader financing considerations.
According to Joas, insurers and reinsurers are increasingly seeking alternative capacity through capital markets via the issuance of cyber insurance-linked securities (ILS), a development S&P Global Ratings identifies as notable for its potential to reshape how cyber risks are managed and shared.
During the discussion, panelists from S&P Global Ratings also addressed persistent challenges related to market penetration and coverage.
The firm pointed out that the industry’s focus remains largely on indemnity-based solutions, and that cyber insurance uptake continues to be uneven across geographies and company sizes.
For example, in the UK, S&P Global Ratings highlighted that only 5% to 10% of small and medium-sized enterprises currently hold cyber insurance, underscoring a significant protection gap.
Furthermore, the firm emphasised a disconnect between economic losses incurred from cyber events and the proportion that is actually covered by insurance, suggesting that insurers may still face hurdles in communicating the value of their offerings to the market.
S&P Global Ratings also observed that more advanced insurers are enhancing their products with additional services such as threat intelligence, supply chain risk assessments, and tools to support better cybersecurity practices. These additions not only differentiate offerings but also contribute to lowering the frequency and severity of claims, a trend that may support long-term stability in the sector.
The organisation further noted that while innovation is occurring—with new products entering the market—the unpredictable nature of cyber risk, combined with ongoing difficulties in measurement and modeling, continues to restrict the pace and effectiveness of that innovation.
Turning to the capital markets, S&P Global Ratings discussed the role of cyber ILS, also referred to as cyber catastrophe bonds, in transferring cyber risk away from primary insurers and reinsurers.
The firm cited five issuances to date, acknowledging the concept’s potential but also emphasising its current limitations.
Compared to natural catastrophe bonds, which have approximately $52 billion in outstanding issuance, cyber ILS represent only around $1 billion—a disparity that reflects both the smaller size of the cyber insurance market and the structural challenges facing ILS adoption in this space.
S&P Global Ratings views growth in cyber ILS as dependent on the continued expansion of the underlying insurance market, which is still developing in terms of scale and complexity.
However, the firm cautioned that several barriers are likely to constrain near-term growth. These include a lack of contract standardisation, limited transparency around underlying cyber risks, and relatively low levels of investor familiarity with cyber ILS structures and modelling techniques.
S&P Global Ratings concludes that while momentum is building in the cyber insurance market, unlocking its full potential will require further progress in standardisation, risk understanding, and communication across stakeholders.
The firm sees a clear opportunity for collaboration between insurers, reinsurers, and capital markets participants to improve coverage, manage exposures more effectively, and build a more resilient framework for cyber risk management.
