With cyber threats escalating across industries and regions, demand for cyber insurance is growing – but not evenly.
While large enterprises in North America and parts of Europe have embraced coverage, vast segments of the global market, particularly small and medium-sized enterprises (SMEs) and companies in Asia and Latin America, remain significantly underinsured, according to Alessandro Lezzi (pictured), group head of cyber at Beazley.
This uneven growth presents a critical opportunity for brokers to step in, Lezzi said, not just to sell policies, but to educate clients, tailor solutions, and close the global cyber protection gap.
Lezzi said that clients now better understand the need for cyber protection, but global uptake varies widely by geography and company size.
In the US, where the cyber insurance market has matured, large enterprises and middle-market firms show relatively high penetration rates. But even there, the SME segment is lagging.
“There’s a big opportunity in SMEs,” Lezzi told Insurance Business. “Penetration is still low, largely due to misperceptions around risk.”
Europe and the UK are catching up quickly, particularly among large organizations, while middle-market growth across regions is just beginning.
Asia and Latin America remain further behind, but Lezzi sees long-term upside. “As larger companies in these regions engage with cyber products and understand their exposures, we expect significant growth,” he said.
For brokers, one of the biggest opportunities lies in the still-untapped SME market. The two main barriers, said Lezzi, are lack of awareness and product misalignment.
“Many small businesses still don’t believe they’re targets,” he said. “So, education is critical.”
At the same time, brokers must work with carriers to ensure the products fit the needs and budgets of SMEs. For Lezzi, the future of the cyber insurance sector hinges on a blend of forward-looking risk management, adaptable product design, and global education, especially for underserved market segments.
Real-world events continue to catalyze interest in cyber coverage. Recent high-profile retail sector cyber attacks in the UK serve as examples that raise awareness and drive purchasing behavior.
“We saw this pattern in the US in 2020 and 2021, during the ransomware surge,” Lezzi said. “Incidents make the risk tangible. They create urgency, and that leads to increased demand.”
This demand is being met with tailored solutions, particularly in risk mitigation. For example, Beazley’s approach involves assessing a client’s internal cyber posture while analyzing external exposures, especially those tied to supply chains.
“Threat actors aren’t targeting one company anymore,” Lezzi said. “They’re targeting service providers that touch many. That shifts the incentive structure and makes risk management more complex.”
When asked about the most significant threats shaping the cyber market today, Lezzi highlighted three major forces: artificial intelligence, geopolitical volatility, and the spectre of systemic cyber risk.
“AI is definitely top of mind,” he said. “It lowers the barrier to entry for bad actors. Open-source tools are available, models are easier to run, and less computing power is needed.”
The volatile geopolitical landscape has also reshaped cyber risk. Lezzi pointed to Russia’s shift in focus toward internal infrastructure following the Ukraine invasion, which temporarily reduced Western-targeted attacks. Meanwhile, tensions between China and Taiwan present an evolving challenge.
But perhaps the most structurally concerning threat is systemic risk: large-scale cyber events that could affect vast swaths of the global economy. Beazley has invested heavily in this area, including the launch of one of the industry’s first cyber catastrophe (cat) bonds.
Looking ahead, Lezzi is optimistic about the role cyber insurance can play in enhancing corporate resilience. But success will depend on collaboration between insurers, brokers, clients, and cybersecurity experts.
“It’s not just about covering losses,” Lezzi said. “It’s about preparing companies, advising them during the policy period, and helping them become more resilient overall.”