Cyber liability policyholders who saw steep increases in insurance costs and cuts in coverage over the past two years are seeing rates stabilize or fall, experts say.

New entrants to the cyber insurance market have brought additional capacity and underwriters have insisted on improved cybersecurity as a condition of coverage, they said during interviews at the Risk & Insurance Management Society Inc.’s Riskworld annual conference in Atlanta last week.

But ransomware remains a threat, with attacks increasing this year, they said.

“The market is in a state of stabilization right now. And when we look at rates, generally speaking, we’re talking about minus five to plus five,” said Stephanie Snyder Frenier, senior vice president, business development leader-professional and cyber solutions, at CAC Specialty in Chicago.

Increased capacity and improved cybersecurity are driving down cyber rates, said Joe Peiser, New York-based head of commercial risk solutions, North America, at Aon PLC. Aon saw cyber liability rates fall 8% in the first quarter and expects rates to fall by 15% to 25% at future renewals, he said.

“We’re seeing a leveling in the market and pricing landscape right now. Capacity has stabilized,” said Rich DePiero, New York-based executive vice president and head of Sompo Pro, a unit of Sompo International Holdings Ltd.

In addition, policyholders can build larger coverage towers with lead lines expanding to $10 million from $5 million.

“We started seeing a deceleration of rate increases in the third quarter of last year,” said New York-based Meredith Schnur, cyber brokerage leader, U.S. and Canada, at Marsh LLC. “By the time we turned the corner into 2023, increases averaged 20% to 30%, and now, through the first quarter, new data shows an average rate increase of 11%.”

The deceleration follows two to three years of substantial rate increases and the addition of new capacity, she said.

Following large cyber losses in 2020 and into 2021, the price increases in 2021 and 2022 “were as steep and as drastic as I’ve seen in any line of business,” said Mario Vitale, New York-based president of Resilience Cyber Insurance Solutions LLC.

But cyber liability has a shorter tail than many other liability lines because the losses are driven by issues such as ransom demands, business interruption and loss of data, he said. As a result, underwriters can see that 2022 was a more favorable year from a claims standpoint, he said.

“Conditions have softened. We really noticed it in November of last year,” said Bobby Bianconi, Hartford, Connecticut-based head of U.S. technology and cyber at Aspen Insurance Holdings Ltd.

Better security

Policyholders and insurers are integrating cybersecurity efforts with risk transfer considerations, Mr. Vitale said.

Many companies implement suggestions from insurers about how to improve cybersecurity, said New York-based Dan Frusciano, head of cyber underwriting, global risk solutions North America, at Liberty Mutual Insurance Co.

“They’re making the right investments in the tools to really protect what’s important,” he said. For example, policyholders are better informed about the assets they need to protect, the security patches they need to apply, and educating employees on cyber risks.

In addition to lower premiums, policyholders with improved cybersecurity are obtaining better terms, such as the removal of coinsurance requirements for ransomware risks, Mr. Frusciano said.

“Boards see cyber coverage as sort of a belt and suspenders — a necessary thing — but your CFOs are more looking at the value propositions given that premiums are so expensive,” said Carey Almond, Atlanta-based director of corporate insurance at Colonial Pipeline Co., during a cyber session at the conference.

Alternative capacity is also entering the market. Marsh LLC has seen a 75% increase in the number of captives under management writing cyber in the last two years.

Ellen Charnley, Las Vegas-based president of Marsh Captive Solutions, said Marsh will launch a special purpose vehicle for cyber, specifically for captive owners to access reinsurance, in a few weeks.

The addition of cyber reinsurance capacity through insurance-linked securities could also expand the market, said Ms. Snyder Frenier of CAC Specialty. Beazley PLC and Hannover Re SE announced cyber ILS deals earlier this year.

One downside for policyholders, some insurers are imposing the war exclusion drafted by Lloyd’s of London, which bars coverage for major cyberattacks by nations or state-sponsored cybercriminals, among other things.

Many insurers in the United States are sticking with existing war exclusions with a cyber terrorism carve back to maintain some coverage and are increasing their market share as a result, Ms. Snyder Frenier said.

Changing risks

While ransomware attacks are still occurring, policyholders are more frequently able to recover their data from their backup data storage facilities and avoid paying the ransoms, said Mr. Frusciano of Liberty Mutual.

But the nature of the risks is changing, Ms. Snyder Frenier said. For example, ransomware attacks initially targeted personally identifiable information that companies held, but now they are more frequently targeting confidential corporate information.

The cyber risk management environment changes rapidly due to increasingly sophisticated cyberattacks, said Mr. Vitale of Resilience. Unlike in property risk management, where highly protected risks remain stable, cybersecurity needs constant monitoring, he said.

There has also been a significant increase in ransomware claims this year, with some in March and April involving large ransoms, said Ms. Schnur of Marsh.

Generative AI such as ChatGPT also increases cyber risk, Ms. Snyder Frenier said. Few organizations have corporate policies on the use of AI, which could expose them to loss of confidential information if employees put it into ChatGPT as part of a work project.

“We’re starting to see the use of AI to just increase the bad guys’ abilities to move quickly and enhance their capabilities,” Mr. Frusciano said.

Claire Wilkinson contributed to this report.