Survey Report

Insurance Marketplace Realities 2023 – Cyber risk

December 1, 2022

An increased level of competition from cyber underwriters has led to more nominal rate increases when organizations can demonstrate good cyber security controls year over year.
Cyber Risk Management
Rate predictions: Cyber risk
          Trend      Range
Q3 2022   Increase   +25% to +50%
Q4 2022   Increase   Flat to +25%

Primary and excess cyber renewals are now averaging more nominal premium increases in the flat to +25% range and there are signs of capacity beginning to broaden.

  • While Q1-Q4 2021 renewals were in the +50% to +200% range, Q1-Q2 premium increases were less pronounced. Increases will still be steepest for those organizations that cannot demonstrate strong cyber risk controls, culture and overall cyber hygiene.
  • Highly regulated industries, such as financial institutions, which are required to have more stringent controls, have seen rate increases on the lower end of our predicted range.
  • Underwriting decisions are heavily influenced by the security controls a company has in place in conjunction with pricing and attachment points.
  • Although many carriers are starting to communicate that they are open to putting up more capacity for certain risks, we are still waiting for this to become a reality.
  • There are real signs of strong competition among markets, as we are often receiving two to three quotes for certain risks. Incumbents are eager to retain business.
  • Excess placements are still challenging, because Increased Limits Factors (ILFs) continue to be high.
  • Renewals are taking longer to complete because carriers do not want to quote early for fear of an incident occurring between quoting and binding — and carriers are often unwilling to provide any significant extensions. It is more important than ever to start the submission process early so materials can be refined for best presentation to underwriters.

Although there are finally signs of losses slowing somewhat, ransomware and the potential for other widespread events continue to be a concern.

  • According to Coveware, the median ransomware payment decreased by 51% in Q2 2022 over the prior quarter, as large enterprises have invested heavily in ransomware controls such as privileged access management, endpoint detection and response and backup strategies in the period since the Colonial Pipeline cyber-attack in 2021.
  • Cybercriminals are targeting companies in every business segment with ransomware attacks. As these attacks become more sophisticated, threatening a firm's entire electronic infrastructure, ransom demands have increased — often reaching eight figures.
  • Data breach costs remain highest in the U.S., where the average cost of a data breach in 2021 was $9.05 million, up just under 5% since 2020. For the eleventh consecutive year, healthcare data breach costs were the highest, increasing from an average total cost of $7.13 million in 2020 to $9.23 million in 2021, a 29.5% increase.
  • Ransomware attacks cost an average of $4.62 million, more expensive than the average data breach ($4.24 million).
  • To highlight potential vulnerabilities, certain carriers are relying more heavily on cyber security consultants for technical expertise as well as on third-party scanning technologies.
  • Carriers are continuing to require supplemental applications for ransomware and other common events as there is increased concern around systemic losses and the potential impact they could have on the broader marketplace.

Markets continue to constrict coverages to limit their exposure to regulatory risk, ransomware losses and other widespread cyber incidents, and they are looking for new ways to underwrite cyber risk.

  • Largely in response to the E.U. General Data Protection Regulation (GDPR) that went into effect in May of 2018 and the subsequent trove of data privacy legislation introduced across the U.S., most notably the California Consumer Privacy Act, we are seeing cyber markets pull back on offering wrongful collection and compliance coverage.
  • Certain markets have added broad SolarWinds and Log4j exclusions to their policies, making it essential for organizations to report notices of circumstances if either they or one of their vendors use or used the software.
  • Certain carriers have taken the drastic approach of splitting coverage into either widespread/catastrophic cyber events or limited impact events, which leaves open the possibility of applying co-insurance, sublimits, retentions and timing factors to calibrate the exposures on either side of the split.
  • Dependent business interruption due to system failures is a concern for underwriters. Many markets are often sublimiting this coverage to half of the policy limit.
  • Due to the frequency and severity of social engineering and cybercrime claims, certain carriers have removed crime offerings from their policies, pushing the exposure to the insured’s crime policies.
  • The Russia/Ukraine conflict has led many markets to reassess their war and territorial exclusions.


Willis Towers Watson hopes you found the general information provided in this publication informative and helpful. The information contained herein is not intended to constitute legal or other professional advice and should not be relied upon in lieu of consultation with your own legal advisors. In the event you would like more information regarding your insurance coverage, please do not hesitate to reach out to us. In North America, Willis Towers Watson offers insurance products through licensed entities, including Willis Towers Watson Northeast, Inc. (in the United States) and Willis Canada Inc. (in Canada).


Joe DePaul
National Cyber/E&O Practice Leader, North America

FINEX NA Cyber Thought & Product Coverage Leader
