Skip to main content
main content, press tab to continue
Survey Report

Insurance Marketplace Realities 2022 Spring Update – Cyber risk

April 7, 2022

As cyber markets continue to limit their exposure, buyers should be prepared to face dramatic premium increases or non-renewals if they are unable to demonstrate certain minimum-security standards.
Cyber Risk Management
Rate predictions: Cyber risk
  Trend Range
Cyber risk Increase (Purple triangle pointing up) +100% to +200%

Key takeaway

As cyber markets continue to limit their exposure to ransomware losses and other widespread events, buyers should be prepared to face dramatic premium increases or non-renewals if they are unable to demonstrate certain minimum-security standards, starting with remote desktop protocols and multi-factor authentication.

COVID-19 continues to impact the cyber market.

  • The work-from-home era, possibly now permanent to at least some degree, may be contributing to an increase in phishing and hacking activity, as certain organizations have been more vulnerable than usual due to employees working remotely on potentially less secure networks with less secure hardware.
  • According to the IBM and Ponemon 2021 Cost of a Data Breach Report, the average breach cost was $1.07 million higher in breaches where remote work was a factor.

Primary and excess cyber renewals are now averaging premium increases above anything we’ve seen: 100% to 200% and even higher. Capacity continues to tighten.

  • Q2 renewals are expected to continue to see the jaw-dropping corrective retention and premium increases we saw in the preceding quarters. Increases will be steepest for those organizations that cannot demonstrate strong cyber risk controls, culture and overall cyber hygiene.
  • Heavily exposed industries are likely to see increases on the higher side of our predicted range: healthcare, higher education, public entities, manufacturing, financial institutions, construction and large media and technology companies.
  • Struggling to build towers, clients are often faced with the prospect of less overall coverage and being forced to consider alternate risk solutions, such as self-insuring and captives.
  • Underwriting decisions are heavily influenced by the security controls a company has in place in conjunction with pricing and attachment points.
  • Carriers are taking a much closer look at total capacity deployed on programs. Many large towers include U.S., London and Bermuda carriers, and many are looking to reduce or limit the total amount of capacity put up globally on a single tower.
  • Renewals are taking longer to complete because carriers do not want to quote early for fear of an incident occurring between quoting and binding — and carriers are often unwilling to provide any significant extensions. It is more important than ever to start the submission process early so materials can be refined for best presentation to underwriters.

As losses show no signs of slowing, carriers are looking for new ways to underwrite cyber risk.

  • Cybercriminals are targeting companies in every business segment with ransomware attacks. As these attacks become more sophisticated, threatening a firm's entire electronic infrastructure, ransom demands have increased — often reaching eight figures.
  • Data breach costs remain highest in the U.S., where the average cost of a data breach in 2021 was $9.05 million, up just under 5% since 2020. For the eleventh consecutive year, healthcare data breach costs were the highest, increasing from an average total cost of $7.13 million in 2020 to $9.23 million in 2021, a 29.5% increase (IBM and Ponemon 2021 Cost of a Data Breach Report).
  • Ransomware attacks cost an average of $4.62 million, more expensive than the average data breach of $4.24 million (IBM and Ponemon 2021 Cost of a Data Breach Report).
  • Certain carriers are relying more heavily on cyber security consultants for technical expertise as well as third-party scanning technologies to highlight potential vulnerabilities.
  • Excess carriers are increasingly not aligned with primary coverages and are seeking to benefit from exclusions placed on excess policies below them in a tower.
  • More carriers are requiring supplemental applications for ransomware and other common events, as there is increased concern around systemic losses and the potential impact they could have on the broader marketplace.

Markets continue to constrict coverages to limit their exposure to regulatory risk, ransomware losses and other widespread cyber incidents.

  • Largely in response to the E.U. General Data Protection Regulation (GDPR) that went into effect in May of 2018 and the subsequent trove of data privacy legislation introduced across the U.S., most notably the California Consumer Privacy Act and New York’s copycat legislation, Senate Bill 567, we are seeing cyber markets pull back on offering wrongful collection and compliance coverage.
  • Cyber markets are lately deploying co-insurance and or sub-limiting all coverages stemming from ransomware, increasing retentions and developing language to further limit their exposure.
  • Certain markets have added broad Solarwinds and Log4j exclusions to their policies, making it essential for organizations to report notices of circumstances if either they or one of their vendors use or used the software.
  • The Russia/Ukraine crisis has created a heightened risk of cyber attacks spreading to organizations on the periphery of the crisis. Some carriers are asking additional underwriting questions about whether insureds, their subsidiaries or their critical vendors have exposure in Russia, Ukraine or other potentially impacted countries and are considering adding territorial restriction endorsements onto their policies.
  • Cyber underwriters continue to work closely with their counterparts in other lines to address silent cyber coverage, as more and more carriers withdraw or limit cyber coverage in non-cyber insurance lines due to concerns over aggregation.


Willis Towers Watson hopes you found the general information provided in this publication informative and helpful. The information contained herein is not intended to constitute legal or other professional advice and should not be relied upon in lieu of consultation with your own legal advisors. In the event you would like more information regarding your insurance coverage, please do not hesitate to reach out to us. In North America, Willis Towers Watson offers insurance products through licensed entities, including Willis Towers Watson Northeast, Inc. (in the United States) and Willis Canada Inc. (in Canada).

Each applicable policy of insurance must be reviewed to determine the extent, if any, of coverage for losses relating to the Ukraine conflict. Coverage may vary depending on the jurisdiction and circumstances. For global client programs it is critical to consider all local operations and how policies may or may not include coverage relating to the Ukraine conflict. The information contained herein is not intended to constitute legal or other professional advice and should not be relied upon in lieu of consultation with your own legal and/or other professional advisors. Some of the information in this publication may be compiled by third-party sources we consider reliable; however, we do not guarantee and are not responsible for the accuracy of such information. We assume no duty in contract, tort or otherwise in connection with this publication and expressly disclaim, to the fullest extent permitted by law, any liability in connection with this publication. Willis Towers Watson offers insurance-related services through its appropriately licensed entities in each jurisdiction in which it operates. -The Ukraine conflict is a rapidly evolving situation and changes are occurring frequently. Willis Towers Watson does not undertake to update the information included herein after the date of publication. Accordingly, readers should be aware that certain content may have changed since the date of this publication. Please reach out to the author or your Willis Towers Watson contact for more information.


Joe DePaul
National Cyber/E&O Practice Leader, North America

FINEX NA Cyber Thought & Product Coverage Leader

Related content tags, list of links Survey Report Cyber Risk Management Insurance United States
Contact us