Cyber insurance is booming, but it’s not without challenges, according to John Coletti, head of large market underwriting at Coalition. The market is growing fast, now seen as a key insurance product that catches the attention of top executives. What once looked like a niche sector has become a major force, with the global market generating around $15 to $18 billion in premiums. The US leads this, making up about 60% of that total.
The strong hold the US has on the market partly comes down to language. Since much malicious software is created in English, English-speaking countries, especially the US, have long been prime targets. Threat actors also think these targets are more likely to pay up. But that’s changing. Attacks are rising in countries where English isn’t the main language. Advances in translation tools help hackers overcome language barriers, but successful attacks still require communication in the victim’s language, like German or others.
As the US market shows signs of easing price increases, expanding globally has become a focus. Companies like Coalition are growing into the UK, Germany, France, Australia, and the Nordics. Still, building new customer bases takes effort, and quick returns are not guaranteed.
Small and medium-sized businesses (SMEs) stand out as a big opportunity. While large companies usually grasp their cyber risks and often carry insurance, smaller businesses lag behind. For them, cost and complexity often get in the way. Meanwhile, the danger keeps growing. Cybercrime could cost the world over $10 trillion this year—a huge number that highlights the need for better protection.
The value of cyber insurance is shifting too. Instead of just helping after a breach with legal and notification services, insurers are focusing more on preventing attacks. Coalition has developed technology that scans the internet constantly to spot risks early, aiming to help clients stop attacks before they happen.
Underwriting—the process of deciding who gets coverage and at what price—is also changing. Unlike other types of insurance that rely on past data, cyber risks evolve quickly and there isn’t much historical information, especially from before ransomware became a big threat. Coalition uses its own tech to analyze an applicant’s current digital footprint rather than outdated forms. This approach reflects how quickly cyber risks can change—fix a vulnerability and the risk disappears.
Despite these advances, the biggest worry remains systemic risk—the chance that a single cyberattack could affect many policyholders at once, especially if it hits a widely used platform or vendor. The market is still figuring out how to properly measure this risk. Coalition handles risk modeling internally using its own data and technology. However, other insurers vary widely in how they assess cyber risk. This means customers often see wildly different quotes from different providers, adding confusion to an already complex buying decision.
In short, cyber insurance is growing rapidly and evolving fast. While the US market softens, global growth and SME protection are key goals. New tech supports prevention and real-time underwriting. Yet challenges like systemic risk and uneven market practices remain hurdles in the path forward.