Skip to main content
main content, press tab to continue
Survey Report

Insurance Marketplace Realities 2024 – Cyber risk

November 9, 2023

While market stabilization has continued in 2023, organizations should continue to focus on improved cyber security hygiene to offset a potential market shift due to ever-expanding cyber threats.
Cyber Risk Management
Rate predictions: Cyber risk
  Trend Range
Cyber risk Decrease Increase (Purple arrow pointing up and down) -5% to +5%

We are now often seeing flat primary and excess cyber renewals or even 5% to 10% decreases, and capacity continues to broaden.

  • Premium stabilization that began toward the end of 2022 has continued into 2023. While 2022 started with 50% to 150% increases, we now regularly see flat increases or even decreases at renewal. Increases, if any, will be the steepest for those organizations that cannot demonstrate strong cyber risk controls, culture and overall cyber hygiene.
  • Highly regulated industries, such as financial institutions and healthcare, required to have more stringent controls, have seen the most favorable renewals.
  • Underwriting decisions are heavily influenced by the security controls a company has in place in conjunction with pricing and attachment points.
  • There is strong competition between markets, as we frequently receive two to three quotes for certain risks. Incumbents are eager to retain business.
  • Excess placements are less challenging lately, as increased limit factors (ILFs) are starting to come down due to excess competition. Excess carriers are looking to undercut each other if given the chance.
  • Carriers are issuing quotes earlier than they were last year, another indication of renewed competition between markets.
  • Capacity is flowing back into the market, and we are returning to $10 million blocks on towers, rather than $5 million blocks or unusual quota share arrangements.
  • We are starting to test whether some underwriting questions, including supplemental ransomware applications, can be bypassed if security controls are good.

Ransomware losses are once again spiking after a slowdown during 2022 and the first quarter of 2023.

  • According to Coveware, both average and median ransomware payments increased from the first to the second quarter of 2023. According to the NCC Group, March of 2023 was the most prolific month recorded for ransomware attacks, measuring 459 attacks, a 91% increase from the previous month and a 62% increase compared to March of 2022.[1]
  • In the first half of 2023, cyber extortion attacks involving only data exfiltration have become more prevalent. This has contributed to a 70% increase in reported data breaches in the first half of 2023 compared to the same period in 2022.
  • Certain carriers are still relying on cyber security consultants for technical expertise as well as third-party scanning technologies to highlight potential vulnerabilities.

Markets are starting to broaden coverage again when it comes to dependent business interruption, but some are still constricting coverages for wrongful collection in light of the new wave of litigation aimed at privacy violations for the collection of private information through website tracking and biometric scanning.

  • Largely in response to the E.U. General Data Protection Regulation (GDPR) that went into effect in May of 2018 and the subsequent trove of data privacy legislation introduced across the U.S., most notably the California Consumer Privacy Act and a number of state biometric laws, we are seeing cyber markets pull back on offering wrongful collection and compliance coverage. There is also concern about the increase in chat bot and meta pixel litigation.
  • A limited number of carriers have taken the drastic approach of splitting coverage into either widespread/catastrophic cyber events or limited impact events, which leaves open the possibility of applying co-insurance, sublimits, retentions and timing factors to calibrate the exposures on either side of the split. This was more of a hard market approach, and we haven’t seen other markets follow their lead.
  • Certain markets have started to quote full limits across the board again, including for dependent system failure, to compete for or retain business.
  • The Russia/Ukraine conflict has led many markets to reassess their war and territorial exclusions, and we are seeing various versions of a London-based exclusion providing a little more clarity on the kinds of nation state attacks that would be covered, as well as a WTW exclusion that provided some coverage for cyberattacks tied to physical war.
  • The SEC adopted rules on July 26, in part, requiring that all public companies disclose cyber security breaches within four days after a determination that the incident is material, making it imperative for such organizations to have strong cross functional processes in place to ensure that key stakeholders can quickly make this determination and meet these new reporting obligations.

Industry spotlight

  • Financial institutions: Regarding the current threat landscape for the financial services industry, the Moveit transfer application vulnerability impacted this industry more than any other in that 30.86% of the hosts running the application were financial services organizations. For larger FIs, we are seeing premium decreases in the 12% to 20% range, but flat to 10% decreases for smaller middle-market FIs. Because FIs are generally viewed as better risks than some other industry classes, there is slightly more competition among markets for this business.
  • Healthcare: The use of meta-pixel tracking technology by healthcare organizations in particular has become a key area of focus for underwriters, given the fact that impermissibly sharing PHI in violation of HIPAA and various state privacy statutes has recently been the subject of numerous class action lawsuits.
  • Retail: Our retail clients have seen a unique blend of exposures, as they regularly handle a significant amount of customer data while using social media and influencers, relying on third-party vendors to deliver their products and AI on their websites and at distribution centers.
  • Construction: Ransomware continues to impact the construction and architects & engineers industry classes, particularly in the small and middle market space. Wire transfer fraud is the most problematic exposure in this industry class and impacts all sized companies.


  1. NCC Group Cyber Threat Intelligence Report. Return to article


Willis Towers Watson hopes you found the general information provided in this publication informative and helpful. The information contained herein is not intended to constitute legal or other professional advice and should not be relied upon in lieu of consultation with your own legal advisors. In the event you would like more information regarding your insurance coverage, please do not hesitate to reach out to us. In North America, Willis Towers Watson offers insurance products through licensed entities, including Willis Towers Watson Northeast, Inc. (in the United States) and Willis Canada Inc. (in Canada).

Each applicable policy of insurance must be reviewed to determine the extent, if any, of coverage for losses relating to the Ukraine crisis. Coverage may vary depending on the jurisdiction and circumstances. For global client programs it is critical to consider all local operations and how policies may or may not include coverage relating to the Ukraine crisis. The information contained herein is not intended to constitute legal or other professional advice and should not be relied upon in lieu of consultation with your own legal and/or other professional advisors. Some of the information in this publication may be compiled by third-party sources we consider reliable; however, we do not guarantee and are not responsible for the accuracy of such information. We assume no duty in contract, tort or otherwise in connection with this publication and expressly disclaim, to the fullest extent permitted by law, any liability in connection with this publication. Willis Towers Watson offers insurance-related services through its appropriately licensed entities in each jurisdiction in which it operates. The Ukraine crisis is a rapidly evolving situation and changes are occurring frequently. Willis Towers Watson does not undertake to update the information included herein after the date of publication. Accordingly, readers should be aware that certain content may have changed since the date of this publication. Please reach out to the author or your Willis Towers Watson contact for more information.


Jason Warmbir
Head of NA Cyber/E&O

FINEX NA Cyber Thought & Product Coverage Leader

Related content tags, list of links Survey Report Cyber Risk Management Insurance United States
Contact us