Gallagher Re has released new findings that suggest cyber insurance development patterns are once again shifting, driven by changes in cyber threat actor tactics and a shifting claims landscape.
In a 2021 white paper, Gallagher Re hypothesized that the rise of ransomware over traditional data breach claims could accelerate claims development. With more underwriting years (UWYs) now matured and newer cyberattack techniques emerging, the firm has re-examined its original position.
Gallagher Re noted that in 2018 and prior, the cyber loss environment was primarily dominated by data breaches, which typically have a long tail due to third-party liabilities. From 2018 to 2021, however, the emergence of cryptocurrency-enabled ransom payments and Ransomware-as-a-Service led to a rise in encryption-based, un-targeted ransomware attacks.
By 2019, some groups began adopting “big-game hunting” tactics, targeting larger enterprises with higher-value demands. Between 2019 and 2021, paid-to-incurred ratios were higher than in earlier years, which Gallagher Re attributed to the growing proportion of ransomware claims.
For the 2022–2023 period, Gallagher Re data showed a return to patterns more consistent with pre-2019 behavior. The firm suggested this could be linked to the shift toward double extortion tactics, where threat actors combine data encryption with the threat of data leakage.
Gallagher Re also noted external disruptions, such as the Russia-Ukraine conflict in 2022, which affected threat actor behavior and led to unusual loss patterns. Claims complexity also increased as a result of a reduction in smaller, quicker-to-resolve losses and a concentration of larger, more complex claims.
The latest analysis included a deeper look at how ransomware and non-ransomware losses are developing separately. Gallagher Re found that recent developments in incurred losses – particularly in 2024 – have largely been driven by non-ransomware claims tied to UWYs 2018 and earlier.
To measure model accuracy, Gallagher Re compared its expected loss ratios from Q2 2022 with actual performance in Q2 2024. It found that older underwriting years aligned with expectations, suggesting that the tail factors used for data breach-heavy years remain appropriate.
However, for 2019–2021, actual losses developed below prior projections, indicating that previously applied development patterns may have been overly conservative.
Gallagher Re emphasized the importance of differentiating development patterns by loss type, as the evolving cyber threat landscape introduces variability that aggregated modeling may not fully capture. The firm noted that Lloyd’s market triangles, which aggregate loss types, may require further refinement, especially when loss composition shifts over time.
Outside of claims, a previous report from Howden Re noted that the performance of cyber reinsurance products depends on structure and carrier-specific purchasing strategies. As buyer behavior shifts and market losses increase, reinsurers' risk tolerances could be tested, leading to heightened demand for retrocession capacity.
Howden Re’s report observed that the cyber reinsurance market currently features a broadening range of product offerings and an increasing familiarity with the underlying risk profile.
However, it pointed out that reinsurer market share remains concentrated, with the top five cyber reinsurers accounting for 62% of gross written premium (GWP), and the top 10 holding 87%, based on Howden Re estimates. The report suggested that diversification will be needed for cyber insurance to mature alongside more established classes.