Skip to main content
main content, press tab to continue

GB Cyber Insurance Update: Q1 2022

By Simon Basham | April 21, 2022

We explore how the Cyber insurance market has evolved through the first quarter of 2022.
Corporate Risk Tools and Technology|Cyber Risk Management|Financial, Executive and Professional Risks (FINEX)

Executive summary

The GB cyber insurance market has continued to follow the trends that first emerged in 2021. In addition, the challenges presented by the Russia/Ukraine conflict have brought policy coverage into greater focus.

In particular:

  • Q1 2022 placements experiencing further hardening
  • Capacity remaining a key topic – reductions but also some new capacity
  • Continued premium increases, exacerbated in excess layers
  • Insurer focus on sustainable policy retentions/excesses
  • Policy coverage increasingly under review
  • Acute focus on war and terrorism exclusionary language
  • More detailed underwriting information required

This update is a general overview of these key developments, analysing the current conditions in the GB Cyber insurance market for both international and domestic companies. The analysis is based on our own observations of the market and uses WTW proprietary data unless otherwise stated.

This illustration shows how Cyber Resiliency is delivered across 3 stages of: assessment, Quantifying and protecting.
Cyber Resiliency is delivered across 3 stages of: assessment, Quantifying and protecting.

Cyber insurance market capacity

Several insurers continued to reduce their capacity and/or tighten their underwriting requirements to manage their exposure and avoid the risk of aggregation of losses from one widespread incident. As such, securing capacity within the first USD/GBP/EUR50m of capacity continued to be challenging, albeit competition for such attachments continues to increase.

Insurers were increasingly willing to only offer capacity for risks fitting squarely within their appetite in terms of the quality of cyber security controls, with the perceived adequacy of the same being key to the appetite of insurers.

Some insurers are exercising additional caution before offering new business capacity to accounts that could be considered at increased risk from the Russia/Ukraine conflict, such as telecommunications, financial institutions and critical national infrastructure.

Premiums & self-insured retentions

Rate and premium increases of more than 50-100% on the primary layer were not uncommon in Q1

Premium increases also followed on excess layers with percentages exceeding those for the primary layer. This reduced the premium discount on those excess layers compared to the primary.

Insurers remain focused on self-insured retentions being set at a level they deem adequate for the scale of the account in question. This has resulted in many accounts renewing in Q1 2022 experiencing a self-insured retention increase in-line with accounts in H2 2021 (i.e. often in excess of 100%).

Policy coverage

Insurers remain very focused on systemic risk. Many are considering how they will manage this. One major global insurer has already implemented a sub-limit approach for systemic loss events. Further developments in this space are expected during 2022.

The conflict in Ukraine has led to an acceleration by insurers in reviewing their approach to war exclusionary language, which has a very close link to systemic risk. During Q1, insurers’ approach to the war exclusion fell into the following categories:

  1. Sticking with the N.M.A. 464 War and Civil War Exclusion Clause – with various amendments / cyber terrorism cover ‘carved-back’
  2. Drafting an updated exclusion based (to some extent) on N.M.A. 464 or drafting a new exclusion all together
  3. Considering using one of the four model clauses proposed by the Lloyds Market Association LMA)

Insurers continue to utilise ransomware coinsurance and/or sub-limits where they are not satisfied that a client’s security meets the insurer(s) own minimum standards, with some not willing to consider offering cyber coverage if their standards are not met. Insurers’ views on minimum controls have increasingly varied levels of flexibility, giving clients the opportunity to advocate for their approach with the support of their broker

Claims & notifications

The ransomware pandemic (as coined by AGCS)1. is still with us at this juncture, with 44% of respondents to their Risk Barometer 2022 citing cyber incidents as their biggest concern2.

However, in slightly more positive news Coveware in their recently released Q4 20213. ransomware update, called out the cyber insurance renewal process is one of the four positive developments aggregating pressure on the rise of ransomware attacks, resulting in the attacks being more costly to execute.

Coveware also commented that:

1k - 10k
The average ransom payment for companies with between 1000 to 10,000 employees was well north of one million dollars.
of ransomware attacks included data exfiltration
The average case duration of a ransomware attack was 20 days in Q4 2021

The continuing trend of data exfiltration is a key consideration with a ransomware event then impacting both a client’s business operations (incident response, recovery, first party business interruption & ransom payment) but also its liabilities to the data subjects and any relevant regulators.

Cyber hygiene – control adequacy

What can clients do to be market ready?

Preparing for your renewal
  • Ensure key stakeholders (for example board and CISO) are briefed on likely renewal challenges, including increased self-insured risk retention.
  • Consider the bigger picture, what is the defining renewal priority to guide strategy
  • Allow plenty of time to collate renewal information & to review/refine this with the help of your cyber brokers
  • Working with your brokers, ensure insurers receive necessary context to frame your cyber underwriting information
  • Consider cross class leverage with key insurer partners
  • Be self-aware in your navigation of the cyber market, demonstrating desire to partner with insurers

Insurers are increasingly requiring clients to make written cyber submissions in addition to presentation meetings. They also require clients to have minimum cyber security controls in place before offering renewal or new capacity. In Q1 2022 two major cyber insurers have already updated their ransomware questionnaires to include a significant number of additional questions, which the insurers in question state the aim of its to reduce the number of follow up questions clients regularly receive in response to their initial written & oral renewal/new business submissions.






Head of Cyber & TMT Broking (UK) FINEX GB


GB Head - National Cyber and TMT FINEX GB

Associate Director, Consulting and Client Management, CRS – FINEX GB

Matt Ellis BSc (Hons), MSc
Director - FINEX GB - Cyber & TMT

Adrian Ruiz
Director - FINEX GB - Cyber & TMT

Contact us