There's a question that hangs over every new market entrant in a soft insurance cycle: Why now? Capacity is abundant, rates are sliding and the pressure to write premium fast - just to justify the local investment - can push even disciplined underwriters into uncomfortable territory. When IB put that question to Gerry Power (pictured), the newly appointed head of Cowbell in Australia didn't flinch.
"That's not a hard question at all and I'll tell you why," he said. "Because I've done this for 35 years and I've watched the market cycles go up and down. I understand how capital comes in, capital comes out."
For Power, the soft market seems to be noise and what matters more is the signal underneath it. In Australia's cyber landscape, that signal is getting louder.
When Power sat down with Jack Kudale, Cowbell's global CEO, to discuss the firm's roadmap for Australia, the conversation didn't start with premium targets or market share. It started with a decade.
"The first thing he said was he talked about what's going to happen in the next 10 years," Power said. "And that's when I knew I was talking to the right person."
That long-view thinking has a very specific strategic rationale. The Australian federal government's 2023–2030 Cyber Security Strategy could be quietly building towards a reckoning for the SME sector - a market segment that has historically been cyber insurance's hardest nut to crack. Uptake is low, conversations are difficult and many brokers have quietly deprioritised it.
Power thinks that's about to significantly change.
"When there is a regulatory need by 900,000 plus SMEs," he said, "Cowbell will be an established player ready to take care of those people who have a need that they never had before."
That's not a niche play. That is, if the regulatory trajectory holds, one of the largest untapped insurance pools in the Australian market.
There's a distinction Power draws carefully, and it's one brokers would do well to understand: the softness of the market and the hardness of the underlying risk are two entirely different things moving in opposite directions.
"The risk issue is the risk is increasing - SMEs know it's increasing, the evolution of how cyberattacks occur are changing with the evolution of generative AI," he said. "And it will get even worse with agentic AI when that starts to get full traction."
It's a point that reframes the soft market not as a problem but as a finite window. The capital flooding into cyber capacity right now is responding to past loss experience and present pricing pressure. It is not, Power implied, adequately pricing what's coming.
The cyber threat landscape is evolving faster than the models that underpin most pricing. Generative AI has already lowered the barrier to entry for cybercriminals. Agentic AI - systems that can act autonomously and adapt in real time - represents the next step change and it's approaching faster than most corporate risk managers appreciate, let alone the 900,000 SMEs who may soon face some legal obligations, if not operational imperatives, to address it.
Awareness, at least, is shifting. "The conversations that I was having 10 years ago on cyber, we're not having those today," Power said. A decade ago, getting a client to engage with cyber risk at all was the challenge. Then the hard market made it hard to buy even for those who wanted it. Now, in the soft phase, it is at least accessible but the underlying anxiety about cyber exposure has never been higher.
"You can't pick up the paper now without seeing a cyber event being discussed," Power said. "So you overlay that with potential regulatory change and you have got a need which is not being dealt with at the moment."
However, the SME cyber underinsurance problem in Australia is not new intelligence - brokers have faced it for years. What Power is arguing is that the combination of rising awareness, escalating threat and incoming regulation means the window for addressing it on industry terms, rather than reactive, compliance-driven ones, is narrowing.
For Cowbell, entering now isn't a gamble on the soft market. It's a bet that by the time the regulatory and risk environment forces mass SME cyber adoption, having three or four years of established relationships, broker trust and local claims experience will be worth far more than the premium sacrificed in the meantime.
