Survey Report

Insurance Marketplace Realities 2022 – Cyber risk

November 15, 2021

Organizations that cannot demonstrate strong cyber risk controls, culture and overall cyber hygiene will face the high end of eye-popping increases.

Rate predictions: Cyber Risk

  Line    Trend      Range
  Cyber   Increase   +50% to +150%

Key takeaway

Cyber markets are continuing to limit their exposure to ransomware losses and other widespread events by deploying co-insurance, sub-limiting certain coverages (most notably cyber extortion), increasing retentions and developing language to further limit their exposure. Organizations that cannot demonstrate strong cyber risk controls, culture and overall cyber hygiene will face the high end of eye-popping increases.

COVID-19 continues to impact the cyber market.

  • The work-from-home era, possibly now permanent to at least some degree, may be contributing to an increase in phishing and hacking activity, as certain organizations have been more vulnerable than usual due to employees working remotely on potentially less secure networks with less secure hardware.
  • According to the IBM and Ponemon 2021 Cost of a Data Breach Report, the average breach cost was $1.07 million higher in breaches where remote work was a factor.

Primary and excess cyber renewals are now averaging premium increases above anything we’ve seen: 50% to 150%, and higher.

  • Heavily exposed industries are likely to see increases on the higher side of our predicted range: healthcare, higher education, public entities, manufacturing, financial institutions, construction and large media and technology companies.
  • Cybercriminals are targeting companies in every business segment with ransomware attacks. As these attacks become more sophisticated, threatening a firm’s entire electronic infrastructure, ransom demands have increased — often reaching eight figures.
  • As incidents and losses mount, carriers have been reevaluating their positions in large towers and looking more closely at rates in perceived burn layers.
  • Carrier strategy regarding excess layers revolves around obtaining adequate premium for perceived risk. There is less competition to get on excess towers, especially if pricing is considered too thin.
  • Renewals are taking longer to complete because carriers do not want to quote early for fear of an incident occurring between quoting and binding, and carriers are often unwilling to provide any significant extensions. It is, thus, more important than ever to start the submission process early so materials can be refined for best presentation to underwriters.

Cyber capacity continues to tighten, as losses continue to rise.

  • Data breach costs remain highest in the U.S., where the average cost of a data breach in 2021 was $9.05 million, up just under 5% since 2020. For the 11th consecutive year, healthcare data breach costs were the highest, increasing from an average total cost of $7.13 million in 2020 to $9.23 million in 2021, a 29.5% increase.
  • Ransomware attacks cost an average of $4.62 million, more expensive than the average data breach ($4.24 million).
  • Certain carriers are adjusting their ransomware coverage appetites and considering sub-limits and co-insurance alternatives, while more carriers are requiring ransomware supplemental applications.
  • Insureds may need to employ co-insurance or captive options to maintain their current limits and to limit premium increases.
  • Certain markets are adding broad SolarWinds exclusions to their policies, making it essential for organizations to report notices of circumstances if either they or one of their vendors use or have used the software.
  • Excess carriers are increasingly not aligned with primary coverages and are seeking to benefit from exclusions placed on excess policies below them in a tower.

Coverage continues to evolve to address regulatory risk and gap exposures.

  • Since the E.U. General Data Protection Regulation (GDPR) went into effect in May of 2018, followed by a trove of data privacy legislation introduced across the U.S. (most notably the California Consumer Privacy Act and New York’s copycat legislation, Senate Bill 567), we have seen cyber markets affirmatively address coverage for claims stemming from these regulations. Markets are also offering expanded wrongful collection and compliance coverage, largely in response to the new regulatory landscape.
  • Business interruption/system failure continues to be a concern for underwriters. Heavily exposed industry classes, such as aviation, manufacturing and transportation, have seen increased underwriting scrutiny. Carriers are implementing longer and sometimes split waiting periods, with system failure coverage having the longest periods.

Cyber underwriters are working more closely than ever with their counterparts in other lines to address silent cyber coverage. Carriers are withdrawing or limiting cyber coverage in non-cyber insurance lines due to concerns over aggregation.


Willis Towers Watson hopes you found the general information provided in this publication informative and helpful. The information contained herein is not intended to constitute legal or other professional advice and should not be relied upon in lieu of consultation with your own legal advisors. In the event you would like more information regarding your insurance coverage, please do not hesitate to reach out to us. In North America, Willis Towers Watson offers insurance products through licensed subsidiaries of Willis North America Inc., including Willis Towers Watson Northeast Inc. (in the United States) and Willis Canada, Inc.


Joe DePaul
National Cyber/E&O Practice Leader, North America

FINEX NA Cyber Thought & Product Coverage Leader
