Skip to main content
Survey Report

Insurance Marketplace Realities 2023 Spring Update – Cyber risk

April 28, 2023

Market stabilization is continuing in 2023. This is largely due to fewer companies paying ransoms, a reduction in overall cyber claim activity, and improved controls by insureds.
Cyber Risk Management
Rate predictions: Cyber risk
  Trend Range
Cyber risk Increase (Purple triangle pointing up) Flat to +10%

We are now often seeing flat primary and excess cyber renewals or even 5% to 10% decreases, and capacity continues to broaden.

  • Premium stabilization that began toward the end of 2022 has continued into 2023. While 2022 started with 50% to 150% increases, we are now regularly seeing flat increases or even decreases at renewal. Increases, if any, will be the steepest for those organizations that cannot demonstrate strong cyber risk controls and culture, and overall cyber hygiene.
  • Highly regulated industries, such as financial institutions and healthcare, required to have more stringent controls, have seen the most favorable renewals.
  • Underwriting decisions are heavily influenced by the security controls a company has in place in conjunction with pricing and attachment points.
  • There is strong competition among markets, as we often receive two to three quotes for certain risks. Incumbents are eager to retain business.
  • Excess placements are less challenging lately, as increased limits factors (ILFs) are starting to come down due to excess competition. Excess carriers are looking to undercut each other if given the chance.
  • Carriers are issuing quotes earlier than they were last year, another indication of renewed competition among markets.
  • Capacity is flowing back into the market, and we are returning to $10 million blocks on towers, rather than $5 million blocks or unusual quota share arrangements.
  • We are starting to test whether some underwriting questions, including supplemental ransomware applications, can be bypassed if security controls are good.

Although there are finally signs of losses slowing some, ransomware and the potential for other widespread events continue to be a concern.

  • According to Coveware, although the median ransomware payment decreased by 51% in Q2 2022 over the prior quarter, both average and median ransomware payments increased again during Q3 and Q4 of 2022. Threat actors sought to extort money from victims in more than one quarter of all incidents to which IBM’s X-Force responded, according to their 2023 Threat Intelligence Index.
  • During the second half of 2022, the rate of malicious messages rose by 60%, and spam rates increased by over 15% and now constitute 30.6% of all inbound traffic, according to the Acronis Cyber Protection Operation Center Report.
  • Certain carriers are still relying on cyber security consultants for technical expertise as well as third-party scanning technologies to highlight potential vulnerabilities.

Markets are starting to broaden coverage again when it comes to dependent business interruption, but some are still constricting coverages for wrongful collection and other widespread cyber incidents.

  • Largely in response to the E.U. General Data Protection Regulation (GDPR) that went into effect in May of 2018 and the subsequent trove of data privacy legislation introduced across the U.S., most notably the California Consumer Privacy Act and a number of state biometric laws, we are seeing cyber markets pull back on offering wrongful collection and compliance coverage. There is also concern about the increase in chat bot and meta pixel litigation.
  • A limited number of carriers have taken the drastic approach of splitting coverage into either widespread/catastrophic cyber events or limited impact events, which leaves open the possibility of applying co-insurance, sublimits, retentions and timing factors to calibrate the exposures on either side of the split. This was more of a hard market approach, and we haven’t seen other markets follow their lead.
  • Certain markets have started to quote full limits across the board again, including for dependent system failure, to compete for or retain business.
  • The Russia/Ukraine conflict has led many markets to reassess their war and territorial exclusions, and we are seeing various versions of a London-based exclusion providing a little more clarity on the kinds of nation state attacks that would be covered.


Willis Towers Watson hopes you found the general information provided in this publication informative and helpful. The information contained herein is not intended to constitute legal or other professional advice and should not be relied upon in lieu of consultation with your own legal advisors. In the event you would like more information regarding your insurance coverage, please do not hesitate to reach out to us. In North America, Willis Towers Watson offers insurance products through licensed entities, including Willis Towers Watson Northeast, Inc. (in the United States) and Willis Canada Inc. (in Canada).


National Cyber/E&O Practice Leader

FINEX NA Cyber Thought & Product Coverage Leader

Related content tags, list of links Survey Report Cyber Risk Management Insurance United States
Contact us