Dan Frusciano is head of cyber underwriting, North America, for Liberty Mutual Insurance Co. Based in New York, he joined the insurer via its 2017 acquisition of Ironshore and has underwritten cyber liability risks for 15 years. He recently spoke with Business Insurance Editor Gavin Souter about trends in the sector. Edited excerpts follow.

How would you characterize the cyber insurance market at the moment?

We had the huge hard market increase in rates during 2022, and then in 2023 we saw those rates come back. We’re still at a level above where we were prior to the 2022 hardening, but we have given back a lot of that rate. The hope in the market right now is to stabilize the pricing through 2024 so it’s more sustainable going forward … where it's profitable but also economical and it makes sense for clients to offload risk to the insurance market at pricing that makes sense.

Do you think current pricing is in the ballpark?

We’re getting there. In the (small and medium-sized enterprise) space we’re at a point now where it’s sustainable and it’s adequate. We may have given back a little too much on the larger accounts. We’re seeing those rates came back a lot more than in the SME, space and there’s been an uptick in claims activity in that space. Threat actors seem to have been targeting larger organizations. There may be an upswing in rates in that segment in the near future.

What’s driving the market conditions?

There’s a lot of capacity on the excess side especially, so for large accounts that are buying a lot of limit there’s more capacity than there’s ever been. There’s still a lot of green books out there, and we’ve seen that development on excess claims takes a little bit longer than it does on primary, so if you have an excess-heavy portfolio, you don’t have a real sense of what the claims look like for maybe three or four years. Some of the more mature markets aren’t pushing rates down as much.

How is the risk environment changing?

2022 was a very profitable year for the insurance industry and I think we can all agree at this point that there was just a lull in activity based on the Russia-Ukraine conflict. Those groups have re-formed, and they are back and better than ever and really targeting the larger accounts. It almost feels like they’re trying to make up for lost revenue during 2022.

There’s just more elephant hunting going on and it’s leading to much larger ransom demands – some are paying, some are not – and then that leads to larger business interruption claims, too. From a day-to-day profitability standpoint, you’re thinking about ransomware but then there’s always a systemic event that’s in the back of your mind and you’re always managing to that as a portfolio manager.