The surge in high-profile attacks across Europe has put cyber insurance back in the spotlight, but not all providers are prepared to meet the moment. “The drumbeat of cyberattacks seems to have been getting louder,” said Patricia Kocsondy (pictured), head of global cyber digital risks at Beazley. She pointed to recent breaches that crippled airports, hit major retailers, and pushed Jaguar Land Rover to the brink, requiring a £2 billion UK government loan guarantee.
Those major events may dominate headlines, but Kocsondy warned that a quieter threat looms underneath. “There are still very quiet incidents happening every day… which don’t always grab the news headlines,” she said. Yet these incidents carry the same insurance implications and are driving long-term demand.
That demand has made cyber insurance one of the fastest-growing lines in the market. According to Kocsondy, the sector has grown 20–30% annually over the past decade, and current forecasts put the market on track to exceed $30 billion by 2030. “There’s no wonder there’s a lot of interest,” she said.
Still, growth hasn’t brought clarity. Kocsondy described the current landscape as “high stakes, high risk, high reward.” Cyber losses are rising, threat actors are multiplying, and attack vectors are increasingly complex. But rates, she said, have been falling. Pricing has softened by over 20% from its recent peak, making it more challenging for carriers, even as demand continues to rise.
“For other carriers in the cyber insurance market, the current conditions are challenging… with increased activity and prices coming down,” she said. “At some point they’re going to need to think differently about their positioning… as to whether or not they are better off partnering or… staying on the front line.”
Beazley, which positions itself as a market leader, is leaning heavily into risk selection and engineering. “We are getting much more precise on risk selection and also identifying areas of risk where we find predictive or correlative with loss potential,” said Kocsondy.
That process combines external cybersecurity scans with internal claims analytics and application data. “We have gotten a lot more sophisticated when it comes to using technology in risk selection,” she said.
Beazley’s flagship offering, full-spectrum cyber, includes preemptive scanning, real-time threat alerts, and incident response through its in-house cybersecurity company, Beazley Security. Kocsondy said that approach allows the company to alert clients to vulnerabilities “before they become a target of an attack.”
“We can pinpoint vulnerabilities… and let them know about those vulnerabilities before they become a target,” she said. If an incident does occur, the same infrastructure helps clients recover quickly. “We help them get back on their feet as quickly as possible.”
This pre-claim value is increasingly critical as pricing pressure pushes clients to scrutinize the substance behind similar-looking policies. “It’s a great time to buy and get the protection that customers badly need,” Kocsondy said. “It’s easier than ever… to get the coverage in place.”
The insurance industry may be struggling to keep pace with the velocity of cyber threat evolution, especially around new technologies. Kocsondy admitted that “technology is evolving faster than the insurance language can keep up.”
Still, she pushed back on the idea that carriers are falling behind. “There are many areas where insurance is leading on risk and on risk management,” she said. She highlighted Beazley Security Labs, a dedicated threat research unit that monitors for emerging vulnerabilities, scans client portfolios, and issues direct alerts when new exposures are identified.
This, she said, is where the market is beginning to differentiate. “I would suggest it’s not the standard,” she said of proactive threat notification.
With pricing converging across providers, Kocsondy said clients are increasingly making decisions based on perceived quality and value - something that only becomes truly visible after a claim. “It can be very difficult with a niche product like cyber for customers to distinguish and differentiate at the time of purchase,” she said. “Where we do see the differentiation might be more so at the time of loss.”
Despite the growth of the market, Kocsondy said misconceptions persist. One of the most damaging, in her view, is the idea that companies must choose between investing in cybersecurity or buying insurance. “There’s a false choice… and it really is an ‘and’,” she said. “It’s almost like, well, if I have seatbelts and airbags, I don’t need car insurance. Nobody would really ever say that.”
