Skip to main content
Survey Report

Insurance Marketplace Realities 2021 – Cyber risk

November 18, 2020

Given the dramatic increase in ransomware incidents, organizations should be proactive in assessing their cyber resilience.
Cyber Risk Management

Rate prediction

Rate predictions: Cyber Risk
  Trend Range
Cyber Increase +10% to +30%

Key takeaway

Given the dramatic increase in ransomware incidents during the pandemic, in both frequency and severity across all industries, organizations should be proactive in assessing their cyber resilience and be able to demonstrate this resilience to underwriters.

COVID-19 continues to impact the cyber market.

  • The work-from-home era that has emerged globally since March continues to lead to an increase in phishing and hacking activity.
  • Claims and losses related to the coronavirus pandemic are expected to continue, as organizations may be more vulnerable than usual due to employees working remotely on potentially less secure networks with less secure hardware.
  • According to Willis Re’s recent survey of cyber insurance buyers, underwriters, risk managers, claims professionals, actuaries and brokers, 86% think the frequency of cyberattacks will increase as a result of COVID-19, and over half (54%) think the severity of those attacks will also increase.
  • Despite the potential rise in risk for many buyers of cyber coverage, the marketplace has yet to react strongly by either adding exclusions for COVID-19-related cyber events or declining coverage for cyber claims or losses.

Primary and excess cyber renewals are now averaging premium increases well into the double digits.

  • Heavily exposed industries are likely to see increases on the higher side of our predicted 10% to 30% range: healthcare, higher education, public entities, manufacturing, financial institutions, construction and large media and technology companies.
  • The use of analytics to assess potential cyber exposures and determine optimal insurance limits for insureds has become vital as we navigate an ever-hardening marketplace.
  • Cybercriminals are targeting businesses of all kinds with ransomware attacks. As these attacks become more sophisticated, threatening a firm’s entire electronic infrastructure, ransom demands have increased — often reaching eight figures.
  • As incidents and losses mount, carriers have been reevaluating their positions in large towers and looking more closely at rates in perceived burn layers.
  • Carrier strategy regarding excess layers revolves around obtaining adequate premium for perceived risk. There is less competition to get on excess towers, especially if pricing is considered too thin.
  • While some cyber towers may still maintain a rate per million under $10K, the excess markets are looking to increase their rate per million to $8K to $13K, but that could fluctuate up or down based on attachment point and risk.

Cyber capacity is starting to tighten, as losses continue to rise.

  • The average cost of a data breach in 2020 is $3.86 million, according to a new report from IBM and the Ponemon Institute.
  • According to IBM and the Ponemon Institute, costs remain highest in the U.S., where the average cost of a data breach was $8.19 million, up 5.3% since 2019, driven by a complex regulatory landscape that can vary from state to state, especially for breach notification. Health care was again the most expensive industry.
  • The human element continues to be the leading cause of cyber loss, contributing to 64% of the claims included in our 2020 Reported Claims Index.
  • Given some recent high-profile breaches, clients need to be aware of potential issues related to M&A activity. Companies should engage their IT staff early in the acquisition process to evaluate risks. The potential for reputational and financial harm from an incident could undermine the true value of a deal.
  • Certain carriers are adjusting their ransomware coverage appetites and considering sub-limits and co-insurance alternatives and starting to require ransomware supplemental applications.

Coverage continues to evolve and expand to address regulatory risk, reputational damage, forensic accounting and gap exposures.

  • Since the E.U. General Data Protection Regulation (GDPR) went into effect in May of 2018 and the subsequent trove of data privacy legislation introduced across the U.S., most notably the California Consumer Privacy Act, we have seen cyber markets affirmatively address coverage for claims stemming from these regulations. Markets are also offering expanded wrongful collection and compliance coverage largely in response to the new regulatory landscape.
  • Other expansions include coverage for forensic accounting costs, reputational damage and invoice manipulation in certain industries.
  • Business interruption/system failure continues to be an area of concern for underwriters. Heavily exposed industry classes, such as aviation, manufacturing and transportation, have seen increased underwriting scrutiny. While coverage remains available, certain industries face significant premium increases.
  • Cyber underwriters are working more closely than ever with their counterparts in other lines to address silent cyber coverage. Carriers are withdrawing or limiting cyber coverage in non-cyber insurance lines due to concern over aggregation.


Willis Towers Watson hopes you found the general information provided in this publication informative and helpful. The information contained herein is not intended to constitute legal or other professional advice and should not be relied upon in lieu of consultation with your own legal advisors. In the event you would like more information regarding your insurance coverage, please do not hesitate to reach out to us. In North America, Willis Towers Watson offers insurance products through licensed subsidiaries of Willis North America Inc., including Willis Towers Watson Northeast Inc. (in the United States) and Willis Canada, Inc.


Joe DePaul
National Cyber/E&O Practice Leader, North America

FINEX Cyber/E&O Thought and Product Coverage Leader, North America

Related content tags, list of links Survey Report Cyber Risk Management Insurance United States
Contact Us