Skip to main content
Survey Report

Insurance Marketplace Realities 2021 Spring Update – Cyber risk

Cyber Risk Management

April 21, 2021

Given the dramatic increase in ransomware incidents, organizations should be proactive in assessing their cyber resilience.
Rate predictions
  Trend Range
Cyber: Increase (Purple triangle pointing up) +50%

Key takeaway

As insurers continue their strategies to mitigate the financial losses from the significant increase in frequency and severity of ransomware incidents over the past year, they must now also assess how organizations may have been impacted by the SolarWinds, Accellion and Microsoft Exchange Server breaches. In an already hardened insurance market, these recent developments are likely to tighten the terms and availability of certain cyber coverage for some organizations, especially for those that cannot demonstrate strong cyber risk controls, culture and overall cyber hygiene.

COVID-19 continues to impact the cyber market.

  • The work-from-home era, now in its second year, may be contributing to an increase in phishing and hacking activity, as certain organizations have been more vulnerable than usual due to employees working remotely on potentially less secure networks with less secure hardware. 
  • According to the IBM and Ponemon 2020 Cost of a Data Breach Report, 76% of the organizations polled across 17 different industries predicted that remote work would make responding to a potential data breach much more difficult by increasing the time to identify and contain a potential breach.
  • Further, the polled organizations predicted that having a remote workforce would increase the average total cost of a data breach to around $4 million.
  • According to a Willis Re recent survey of cyber insurance buyers, underwriters, risk managers, claims professionals, actuaries and brokers, 86% think the frequency of cyber attacks will increase as a result of COVID-19; over half (54%) think the severity of those attacks will also increase.

Primary and excess cyber renewals are now averaging premium increases of 25% and higher.

  • Heavily exposed industries are likely to see increases on the higher side of our predicted range: healthcare, higher education, public entities, manufacturing, financial institutions, construction and large media and technology companies.
  • The use of analytics to assess potential cyber exposures and determine optimal insurance limits for insureds has become vital as we navigate a marketplace that keeps hardening.
  • Cybercriminals are targeting businesses of all kinds with ransomware attacks. As these attacks become more sophisticated, such as threatening a firm’s entire electronic infrastructure, ransom demands have increased — often reaching eight figures.
  • As incidents and losses mount, carriers have been reevaluating their positions in large towers and looking more closely at rates in perceived burn layers.
  • Carrier strategy regarding excess layers revolves around obtaining adequate premium for perceived risk. There is less competition to get on excess towers, especially if pricing is considered too thin.

Cyber capacity is starting to tighten, as losses continue to rise.

  • According to the IBM and Ponemon 2020 Cost of a Data Breach Report, data breach costs remain highest in the U.S., where the average cost of a data breach in 2020 was $8.19 million, up 5.3% since 2019, driven by a complex regulatory landscape that can vary from state to state, especially for breach notification. Healthcare was again the most expensive industry.
  • The human element continues to be the leading cause of cyber loss, contributing to 63% of the claims included in the Willis Towers Watson 2020 Reported Claims Index.
  • Certain carriers are adjusting their ransomware coverage appetites and considering sublimits and co-insurance alternatives, while more carriers are requiring ransomware supplemental applications.
  • Certain markets are adding broad SolarWinds exclusions to their policies, making it essential for organizations to report notices of circumstances if either they or one of their vendors use or used the software.
  • Excess carriers are increasingly not aligned with primary coverages and are seeking to benefit from exclusions placed on excess policies below them in a tower.

Coverage continues to evolve and expand to address regulatory risk, reputational damage, forensic accounting and gap exposures.

  • Since the E.U. General Data Protection Regulation (GDPR) went into effect in May of 2018 and the subsequent trove of data privacy legislation introduced across the U.S., most notably the California Consumer Privacy Act and New York’s copycat legislation, Senate Bill 567, we have seen cyber markets affirmatively address coverage for claims stemming from these regulations. Markets are also offering expanded wrongful collection and compliance coverage largely in response to the new regulatory landscape.
  • Other expansions include coverage for forensic accounting costs, reputational damage and invoice manipulation in certain industries.
  • Business interruption/system failure continues to be an area of concern for underwriters. Heavily exposed industry classes, such as aviation, manufacturing and transportation have seen increased underwriting scrutiny. While coverage remains available, some buyers face significant premium increases.
  • Cyber underwriters are working more closely than ever with their counterparts in other lines to address silent cyber coverage. Carriers are withdrawing or limiting cyber coverage in non-cyber insurance lines due to concerns over aggregation.


Willis Towers Watson hopes you found the general information provided in this publication informative and helpful. The information contained herein is not intended to constitute legal or other professional advice and should not be relied upon in lieu of consultation with your own legal advisors. In the event you would like more information regarding your insurance coverage, please do not hesitate to reach out to us. In North America, Willis Towers Watson offers insurance products through licensed subsidiaries of Willis North America Inc., including Willis Towers Watson Northeast Inc. (in the United States) and Willis Canada, Inc.

Each applicable policy of insurance must be reviewed to determine the extent, if any, of coverage for COVID-19. Coverage may vary depending on the jurisdiction and circumstances. For global client programs it is critical to consider all local operations and how policies may or may not include COVID-19 coverage. The information contained herein is not intended to constitute legal or other professional advice and should not be relied upon in lieu of consultation with your own legal and/or other professional advisors. Some of the information in this publication may be compiled by third party sources we consider to be reliable, however we do not guarantee and are not responsible for the accuracy of such information. We assume no duty in contract, tort, or otherwise in connection with this publication and expressly disclaim, to the fullest extent permitted by law, any liability in connection with this publication. Willis Towers Watson offers insurance-related services through its appropriately licensed entities in each jurisdiction in which it operates. COVID-19 is a rapidly evolving situation and changes are occurring frequently. Willis Towers Watson does not undertake to update the information included herein after the date of publication. Accordingly, readers should be aware that certain content may have changed since the date of this publication. Please reach out to the author or your Willis Towers Watson contact for more information.


Joe DePaul
National Cyber/E&O Practice Leader, North America

FINEX Cyber/E&O Thought and Product Coverage Leader, North America

Related content tags, list of links Survey Report Cyber Risk Management Insurance United States
Contact Us