Cyber insurance isn’t booming

Cyber insurance may be the fastest-growing line in the market, but that growth isn’t without caveats. “It’s the largest, growing, most coveted insurance product… generating the most interest at executive levels,” said John Coletti (pictured), head of large market underwriting at Coalition.

Originally seen as a niche line that might cap out like EPLI, cyber has proved otherwise. “Most insurers have sort of kind of agreed… this is actually something that is going to be truly meaningful and grow,” said Coletti. But that doesn’t mean it’s immune to broader market dynamics.

“You’ve got a lot of capacities into the market,” he said. “There’s definitely a softening… but even still, it’s still significant growth.” Coalition estimates the global market is generating between $15 billion and $18 billion in gross written premium, with the US accounting for around 60%.

English-first threat landscape shifting

That dominant US share is partially rooted in language. “A lot of the software, the code that’s been written to commit these attacks has been written in English,” said Coletti. English-speaking countries, particularly the US, have long been top targets – not just due to size but also because threat actors believed they were more likely to pay.

But that focus is expanding. “We’re seeing more and more attacks… in non-English-speaking countries,” he said. Improvements in translation tech mean language is less of a barrier. Still, monetization requires more than infiltration. “You need to negotiate… in that language,” said Coletti. “You need to speak German in order to commit that attack as well.”

As the US market shows signs of rate softening, global expansion has become a strategic priority. Coalition has moved into the UK, Germany, France, Australia, and across the Nordics, with plans to grow further. But Coletti warned against assuming exponential returns. “We still need to put in the hard work of incentivizing new buyers,” he said.

SMEs remain a blind spot

Much of that growth potential lies in the underpenetrated SME market. “The SME market in particular is still very much underpenetrated in all geographies,” Coletti said. Large companies, he argued, largely understand their cyber exposure. “Notwithstanding… the recent case of Jaguar Land Rover… the penetration rate is there,” he said.

That’s not the case for smaller businesses, where cost and complexity still deter many from buying coverage. Meanwhile, the scale of threat continues to grow. “We estimate that cybercrime will cost the global economy over $10 trillion this year,” said Coletti. That figure, which is widely cited in industry circles but not yet independently verified, underscores the urgency – and the gap.

Prevention now part of the pitch

With pricing pressure on the rise and loss ratios still volatile, the value proposition of cyber insurance is shifting. “Insureds are looking for some sort of value out of that product,” Coletti said. That used to mean post-breach services like legal counsel, notification, and credit monitoring. Now it’s about prevention.

“What can we do to help an insured prevent an attack from actually occurring?” he said. Coalition has leaned into this shift, building systems designed to flag vulnerabilities before they are exploited. “We try to get to our insurers before the attackers do,” said Coletti.

Underwriting in real time, not on paper

Part of Coalition’s approach is moving away from traditional underwriting models. “Unlike other lines of business… there’s not a lot of perfected data,” Coletti said. “If we were to have this discussion seven, eight years ago, we wouldn’t even be talking about ransomware because it didn’t even exist.”

Instead of relying on historical loss trends or long questionnaires, Coalition built its own tech stack. “We have our own active data graph that continuously scans and analyzes really the entire internet,” he said. This allows them to assess risk based on an applicant’s live digital footprint—not outdated forms.

That approach also reflects how cyber differs from property or auto. “If you fix the vulnerability that caused [an event], you no longer have that exposure,” Coletti said. “Why would that be predictive of a future event happening?”

Systemic risk still the biggest threat

While prevention and pricing models are improving, the biggest threat to sector stability remains systemic risk. “The systemic event, the single cyber event that could impact… your entire portfolio,” said Coletti. In a hyper-connected world, a failure at one shared vendor or platform could trigger widespread losses across dozens – or hundreds – of policyholders.

Insurers are still figuring out how to model that. Coalition, for its part, handles modeling in-house. “We don’t rely on third-party vendors,” Coletti said. “We model the risks using our own data, our own people, our own technology.”

But the broader market is still fragmented in how it evaluates cyber exposures. “Insurers vary in how they approach this risk,” said Coletti. That creates confusion – and risk – for buyers. “Maybe one premium is really high, one of them was really low… [buyers] are getting things that are wildly different,” he said.