Arch promotes cyber underwriter to management as UK market growth stalls

Sophie Law's promotion comes as the London market wrestles with a UK cyber sector that keeps failing to catch up with the US, and with its own smaller firms

Arch promotes cyber underwriter to management as UK market growth stalls

Insurance News

By

Promotions are usually the easy story. This one comes with an interesting backdrop attached.

Arch Insurance International has promoted Sophie Law (pictured) to cyber underwriting manager, effective immediately, handing her responsibility for underwriting across the firm's cyber, tech errors and omissions, and media E&O book, across a wide range of territories and sectors. Based in London, she will report to James Barrett, head of cyber and healthcare at Arch.

Law brings nearly 13 years of underwriting experience to the role. She joined Arch in 2019 as a senior cyber underwriter, having previously held underwriting positions at Barbican and Hiscox — two firms with long histories in the London cyber market. The promotion is a straightforward step up for someone who has spent most of her career underwriting the same class of business she will now help manage.

She also joins the cyber team at a point of relative stability after a period of change at the top. Barrett took over as interim head of cyber in October 2024, following the departure of his predecessor, Marcus Breese, for HDI Global UK and Ireland, before being made permanent in the combined cyber and healthcare role in April 2025.

The more interesting part of the story sits just underneath it. In an interview with Insurance Business shortly after taking the role, Barrett said: "Rate reductions are slowing, and we expect rates to be roughly flat over the next year. We're focused on continuing to build our presence, particularly in the UK where uptake of cyber coverage has been slower than in the US."

That call has held up reasonably well since. Speaking to Insurance Business at the start of this year, Hiscox's global head of cyber, Eddie Lamb, and Zurich UK's head of cyber, Thomas Clayton, both pointed to rates flattening out in 2026 after several years of softening — Clayton noting it would follow three consecutive years of downward pressure. Munich Re's Cyber Insurance, Risks and Trends 2025 report, meanwhile, put Europe's total cyber premium at $3.3 billion in 2024, a 21% share of the global market, against North America's 69% share — the comparison Barrett was drawing on when he described UK uptake as lagging.

But the UK-versus-US framing may not be where the real gap sits. That same Insurance Business piece on the SME cyber market cited GlobalData research showing just over 40% of UK SMEs currently hold cyber insurance, compared with 63% of medium-sized firms and around 70% of FTSE 100 companies. On that measure, the underinsured segment isn't the UK relative to America — it's small UK firms relative to large ones, sitting on the same market Law and Barrett are now underwriting.

Not every data point tells the same story, either. The UK government's most recent Cyber Security Breaches Survey found the proportion of businesses holding some form of cyber insurance had risen sharply, from 64% to 75% year-on-year — a much rosier figure than GlobalData's SME-specific number. The gap between the two is likely a matter of definition, a broad "some form of cover" question against a narrower, dedicated cyber policy, but it's a reminder that "UK uptake" isn't a single, agreed number depending on who's measuring it and which slice of the market they're looking at.

None of that is Law's problem to solve alone. But it is the market she now has broader responsibility for underwriting, at a moment when rates are expected to flatten, competitors are making similar calls, and the real growth opportunity looks less like closing the gap with the US and more like reaching the smaller UK firms that still don't buy the cover at all.

Related Stories

Keep up with the latest news and events

Join our mailing list, it’s free!