Cyber-attacks are becoming increasingly common and sophisticated, with the frequency of ransomware attacks increasing 80% YoY in 2022 and the cost of cyber-crime expected to exceed $20T by 2026. In order to mitigate the ramifications of an attack, organizations are opting to take out cyber risk insurance policies, which offer protection against financial loss and costs associated with data breaches and business interruption.
The cyber risk insurance space has matured considerably over the past few years in the face of existential threat. In 2021, insurers were forced to raise premiums by 60%+ to stop the bleeding on loss ratios, which made purchasing cyber insurance a difficult decision to justify for large enterprises with tightening budgets, as well as for SMBs – only 14% of which currently hold policies. At the same time, CyberInsurTech companies were busy carving out a niche for themselves in the space and building platforms that enable their policy holders to proactively strengthen their cybersecurity posture, improve outcomes and reduce payouts – and ultimately premium costs.
Investor interest ramped steadily between 2018-2020 before surging in 2021 to the tune of 104 deals and $5.1B in total capital raised. Consolidation is likewise abound in all corners of the ecosystem, including Risk Quantification, Vulnerability Management, and Forensics and Incident Response – each of which are foundational to cyber insurance as they relate to translating risk into financial terms, identifying and bolstering weak points on an organization’s attack surface, and lessening the business and financial impact of any breach that may occur.
With over 350 companies identified across AGC's Cyber Risk Insurance landscape, this space is large and growing rapidly with new startups forcing disruption and public/unicorn giants competing for pole position in a "winner takes most" ecosystem.