Howden Re’s Matt Webb featured on Double Take, discussing the evolution of Cyber Insurance
Matt Webb, Head of Cyber Clients & Strategy, Howden Re, was a guest on the podcast Double Take with Raphael Lewis, director of specialist research at BNY's Newton Investment Management, and Jack Encarnacao, Newton Investigative Research Analyst, to discuss the evolution of cyber insurance.
During the episode, Webb discussed the evolution of cyber insurance, focusing especially on the development of the broad coverage now available and the impacts of ransomware. Drawing on more than a decade in cyber insurance, Webb’s commentary helps listeners to better understand cyber risk and what’s needed for protection in the sector.
Plus, Webb touched on the question that’s front and centre for the industry right now: are major cyber events like CrowdStrike, Change Healthcare, and CDK indicative of a new trend or just a blip?
“I think with insurance, you often use the past to the guide to the future, which would suggest that it's a blip,” said Webb. “But if it is a trend, then we'll see more shifts in the market.”
History of Cyber Insurance and ransomware attacks
Cyber policies have come a long way since first being introduced in the 1990s, having been born out of technology errors & omissions, initially focusing on covering third party liability.
“The risk has really evolved and developed for three main reasons, firstly, advances in technology, adoption of the technology, use of data, secondly, introduction of privacy regulations, creating obligations for clients, and lastly, major cyber incidents,” said Webb. “That's raised the profile of the coverage and driven purchasing.”
Plus, Webb said that between 2012 and 2019 the market grew from around $1 billion to $7 billion of GWP, so just north of 30% CAGR. The market is now writing 15bn, with projections suggesting significant growth in the coming years.
“Although we saw the increase in loss activity [between 2012 – 2019], the market was broadly set up to deal with it,” Webb said.
From 2019 to the present, Webb says ransomware has come front and centre in the market. In 2019, attackers shifted to targeting major corporations and combining encryption with data exfiltration, an approach known as “big game hunting”.
“The attackers were taking their time, selecting a target, getting into the networks, increasing their privileges, traversing the networks, and then deploying ransomware with more catastrophic effects,” Webb said. This also meant attackers knew exactly who was being hit, allowing them to demand far higher ransoms.
“The largest ransom that I’m aware of was paid last year at $75 million,” Webb said.
CrowdStrike
The non-malicious CrowdStrike incident in 2024 caused a systems failure, which falls under the business interruption cover.
“It's covered in most, but not all cyber policies,” said Webb. “Here at Howden Re, we've got an industry exposure database that makes up about 65% of global GWP. So, we've got individual information on all those companies, and about 70% of policies within that database provide this cover.”
Current cyber coverage
From a cyber perspective, Webb said the coverage itself is often broad, having evolved to address elements like hacking techniques, governmental/regulatory changes, and more.
Additionally, most cyber insurers also offer a claims service with a 24/7 hotline, allowing buyers to speak with approved vendors during high-pressure situations where a breach is expected.
“[Exclusions within policy language] are mainly there to protect the solvency of the industry, rather than trying to wriggle out of claims or individual claims to protect profits,” Webb said.
When it comes to underwriting cyber insurance, Webb said the exposure measures are typically the volume of records and the net profit of an organization, with curves developed around those to provide a price.
For the buyer, Webb said there are recognized standards that companies can sign up to and be accredited against, such as ISO 27001 or Cyber Essentials, or they can mark themselves against the NIST framework. Whether a company is compliant with those is a helpful indicator when you're sat in the underwriting chair and assessing the risk.
“It can reduce the barrier to buy or to procure the insurance from the customer’s perspective,” Webb said, adding that risk profiles like type of industry, regulations, and volume of sensitive customer information are also factors in pricing.
In the meantime, the exposure and risk landscapes have greatly changed over the past decade, resulting in higher costs for cyber insurance while coverage remains broad.
Other risks, like reputational harm, aren’t always covered in policies, but Webb said he believes it should be a “fundamental” part of the coverage.
To hear more about any of the topics described above, you can listen to the podcast here: Insuring Cyber Risk - Double Take By Newton - Apple Podcasts