Estimated reading time: 9 minutes
We attended Zywave’s 14th annual Cyber Risk Insights Conference in New York. We did not catch every minute. But a brisk summary may still help busy readers. The day tracked market sentiment, debated policy design, and drilled into privacy litigation and growth hurdles. Below are the highlights, organized by session.
Keynote: Cyber Insurance as the Test of Trust
Speaker: Neeti Bhalla Johnson, President, Liberty Mutual Global Risk Solutions
Bhalla Johnson set the tone. She called cyber “the defining test of trust in the digital age.” She also put a number on the ambition. The market aims to grow from roughly $15 billion today to $50–$100 billion within a decade. The path runs through correlation, clarity, and execution.
She warned that geopolitical synchronization changes loss patterns. Attacks aim at shared dependencies. Vendors, clouds, and software stacks bind portfolios together. “Our models and portfolios must treat correlation as a first-order design constraint,” she said. Keynote
She attacked “coverage illusion.” Board-level nightmare scenarios still sit in gray zones. “Ambiguity… is poison for growth,” she said. The fix is bright lines, candid exclusions, and clear systemic triggers. She urged public-private planning for truly extreme layers.
She pressed on integration. Innovation is real, but duplication confuses buyers. “Integration should reduce noise and improve outcomes,” she said. Plain language and embedded options should meet small businesses where they work.
She closed with three commitments: anchor stability through pricing correlation and transparency; power innovation with data and AI, while keeping humans in the loop; and share responsibility across the ecosystem, including secure-by-default tech and coherent policy for catastrophic layers.
She closed on the “test of trust,” warning that the next large-scale cyber event will come and setting three commitments to meet it: anchor stability by pricing correlation and being transparent; power innovation with data and AI while keeping humans in the loop; and share responsibility across the ecosystem, including secure-by-default technology and coherent policy for catastrophic layers, “we will pass this test of trust if we make three commitments as a community.”
State of the Market
Panelists: Tresa Stephens (moderator), Allianz Commercial; Lori Bailey, AXIS; David Derigiotis, RT Specialty; Beth Gidicsin, Lockton; Florian Happ, Munich Re
The panel called today’s market competitive and stable. Oversupply and better hygiene push prices down, especially for controlled risks. Bailey pointed to a simple driver. Capacity exceeds demand, and that pressure lands on rates. Hygiene improved after 2020–2022, which eased loss ratios.
Happ described a “double soft” market. Primary remains soft. Reinsurance remains soft. Yet many cedents lowered quota shares and kept more net. Buyers can still obtain protection, but appetite now favors tailored non-proportional covers.
Growth remains the bigger question. The panel expects U.S. SME demand to rise as digital distribution improves. Outside the U.S., regulation and awareness drive uneven growth. DORA and new EU rules may expand European take-up.
Get The Cyber Insurance News Upload Delivered
Subscribe to our newsletter!
Reevaluating Reinsurance
Panelists: Diya Sawhny (moderator), Moody’s; Stephan Brunner, Munich Re; Rory Chisholm, Gallagher Re; Tatjana Loepker, SCOR; Damini Mago, Guy Carpenter
The reinsurance market remains a buyer’s market. But pricing mechanics differ from primary. On proportional deals, pressure shows up in commissions and margins. Loepker noted soft primary pricing, abundant capacity, and slower-than-hoped SMB growth. That mix squeezes reinsurer margins and demands discipline. Revaluating Reinsurance
Sessions are coming down. Many cedents cut quota shares from prior peaks and keep more net. Chisholm traced a wave of structural innovation. Short-window aggregates, shared-limit constructs, and bespoke event triggers tried to patch activation disputes in classic XOL. The question is durability across cycles.
Mago focused on event definitions and basis risk. Dozens of bespoke “event” wordings emerged after mini-cat tests. New hybrids attempt to pair event layers with aggregate backstops to ensure recoverability. The goal is simple. Structures must pay when stress arrives.
Brunner pushed a skeptic’s lens. Innovation should solve real problems, not create new ones. Capacity is not scarce today. The urgent task is model maturity and risk understanding. He warned against fragile constructs that falter in the face of real events. State of the Market Panel
ILS drew a sober read. Investor education improved. Cyber diversifies P&C and can offer yield. But rated capacity is plentiful now, so issuance remains selective. Relationships built in 2023–2024 should matter when the cycle turns.
Models remain a battlefield. Vendors updated scenarios and outputs. Variance across versions complicates PMLs and spending. Some carriers built in-house accumulation models to gain stability and explainability. Everyone agrees on the top perils. Malware and cloud failures dominate tail drivers. The hard part is not becoming complacent.
Diversification in cyber is different. Geography helps little. Technology stacks define accumulation. Portfolios diversify across industries, revenue bands, and critical tech use. Underwriting must capture dependency materiality, not just vendor names.
Track 1: Growing the Cyber Market in the U.S. and Beyond
Panelists: Connie Johnston, Zywave (moderator); Kieran Doyle, Wotton Kearney; Christiaan Durdaller, CRC Group; Siobhan O’Brien, MSIG USA; Jonas Schwade, cysmo (Editorial Note: Missed the beginning)
The growth debate returned to first principles. Match the message to the market. Litigation narratives move buyers in Australia. They fall flat in Japan. Education must fit local incentives and culture. Dipping toes does not build trust. Presence and fluency do.
Panelists stressed the SME reality. Many owners do not grasp the fragility of cash flow. A hack can end the business in days. Distribution must remove friction—plain language matters more than slogans.
Yea & Nay: Debating Cyber’s Hottest Topics
Panelists: Alexandra Bretschneider (moderator), Johnson Kendall & Johnson; Adam Abresch, Acrisure; Adam Cottini, CrowdStrike; Meghan Farrelly; Marcin Weryk, Coalition
The format sharpened disagreements. Retainers split the room. Pro-retainer voices emphasized speed, governance, and privilege. Skeptics flagged conflicts, panel alignment, and optics during forensics. The live poll edged toward “yes,” but with caveats.
Coverage lines also drew heat. “Wrongful collection” sat on a knife’s edge. Half the room favored inclusion under cyber. The rest preferred standalone privacy solutions as statutes evolve. Cybercrime coverage held a majority, but not a slam dunk. The message for buyers was blunt. Know what sits where before a loss.
Privacy & Pixel Litigation: AI, Adtech, and the Next Wave
Panelists: Jerry Thompson, CyEx (moderator); Marcello Antonucci, Beazley; Al Saikali, Shook Hardy & Bacon
Trends cluster in healthcare, retail, and financial services. Plaintiffs focus on tracking inside portals. They also press Video Privacy Protection Act claims after favorable rulings. “Shakedown” demands still appear, often from newer firms. Defense wins increased, but volume remains high due to more filings.
From the insurance chair, “tracking tech” spans biometrics to pixels. Loss math is heavy. Defense and motion practice can cost millions, even when you win. Statutory damages stack by person or transaction. The best defense is provable governance, aligned policies, and documented consent.
Panelists urged the industry to share settlement intel to control outliers. Applications and control standards often function as de facto regulation. Buyers still arrive with stale policies and shadow IT in marketing. That fuels filings and weakens the defense posture.
What We Took Away
Zywave’s program pushed past platitudes. The keynote demanded correlation-aware portfolios and plain-spoken coverage. The market panel saw discipline, even with soft conditions and ample capacity. Reinsurance turned the wrench on structure and model uncertainty. Growth in SMEs and abroad requires frictionless distribution and local nuance. The debate made clear that retainers, crime, and wrongful-collection coverage remain active battlegrounds. Privacy litigation continues to spread, and costs bite even in wins.
Zywave describes this series as the flagship cyber event. It earns that label by mixing market mechanics with legal reality. The conference promised “thoughtful conversations and the latest insights on cyber threats, regulation, insurance market conditions, and risk quantification.”
The day delivered on that brief. The next test will arrive when a correlated event hits hard. The industry’s job is to answer the phone, pay what it promised, and keep writing on Monday.
Frequently Asked Questions (FAQs)
1. What is the biggest challenge in managing cyber risk today?
The biggest challenge lies in correlation — a single vulnerability can trigger losses across multiple insureds simultaneously. Managing this systemic exposure requires improved modeling and transparency.
2. How is the cyber insurance market evolving?
The market is expanding rapidly, with increased capacity and pricing discipline. Growth is especially strong in SMEs and regulated regions like the EU under DORA.
3. Why does model variance matter in cyber insurance?
Model variance impacts how insurers calculate probable maximum losses (PMLs). Inconsistent models lead to mispricing and volatility in reinsurance negotiations.
4. How can small businesses mitigate cyber risk effectively?
SMEs should adopt secure-by-default technology, maintain strong password policies, and invest in affordable cyber insurance coverage tailored to their risk profile.
5. What role does AI play in cybersecurity risk management?
AI helps detect threats earlier, automate response workflows, and improve data analytics for quantifying cyber risk. However, human oversight remains essential.
6. What trends will shape the cyber insurance market by 2030?
Expect broader adoption of parametric covers, increased regulatory alignment, and deeper integration between cybersecurity technology and insurance underwriting.
RELATED CYBER INSURANCE POSTS
