Skip to main content
main content, press tab to continue
Survey Report

Insurance Marketplace Realities 2024 Spring Update – Cyber risk

May 8, 2024

While market stabilization has continued into 2024, conditions could transition to a firming market later in the year.
Cyber Risk Management|Financial, Executive and Professional Risks (FINEX)
Rate predictions: Cyber risk
  Trend Range
Cyber risk Flat, (Neutral decrease) -5% to flat


We are currently seeing flat primary and excess cyber renewals and in some instances even decreases, and capacity continues to be readily available.

  • Premium stabilization has continued into 2024. Increases, if any, are typically seen by those organizations that cannot demonstrate strong ransomware controls.
  • Underwriting decisions are heavily influenced by the security controls a company has in place in conjunction with pricing and attachment points.
  • Competition is strong among markets and certain risks may receive multiple quotes. Incumbents are eager to retain business.
  • Increased limit factors (ILFs) have come down in excess placements due to competition. Excess carriers will undercut each other if given the opportunity.
  • Capacity is plentiful in the market, and carriers are pushing to increase their participation back to $10 million blocks on programs.
  • Many policyholders are electing either to purchase additional limits or lower retentions when there are premium savings on renewals.
  • We are seeing carriers more willing to underwrite to the grey area between yes/no within the applications.

While the average ransomware payment decreased in the latter half of 2023, overall ransomware incidents are still on the rise.

Markets continue to grapple with how to address claims and losses that may result from state sponsored cyber-attacks, as well as exposures stemming from wrongful collection and the use of artificial intelligence.

  • There are a wide variety of approaches to wrongful collection coverage, as markets assess how biometric information legislation, as well as chat bot and meta pixel litigation, increased exposure to certain organizations.
  • Markets are starting to monitor how clients use artificial intelligence and how this technology can lead to new exposures. However, we have not yet identified examples of the implementation of exclusions arising from the use of AI.
  • The Russia-Ukraine and Israel-Palestine conflicts have caused cyber markets to reassess their war and territorial exclusions, especially as cyber reinsurance treaties come up for renewal this year. The focus is on greater market cohesion in 2024 so buyers can find consistency in coverage, given varying war risk appetites.
  • The SEC adopted rules on July 26, requiring that public companies disclose cyber security breaches within four days after a determination of a material incident, making it imperative for organizations to have strong cross functional processes in place to ensure that key stakeholders can quickly make a determination to meet these new reporting obligations.

Specific industry trends

  • Financial institutions: The Moveit transfer application vulnerability had a significant impacton this industry, since more than 30.86% of the hosts running the application were financial services organizations. Hard market corrections were made to this class in the prior year so decreases are flattening. FIs are generally viewed as better risks than other industry classes so tends to be more competition among markets for this business.
  • Healthcare: In February, we saw the real time devasting consequences of a ransomware cyber-attack on a large healthcare organization, as well as the downstream impact to the networks of healthcare providers relying on that organization to process claims and make payments. As the extent of this event is still unknown, it will take time for carriers to understand fully what pricing or coverage adjustments, if any, need to be made to their healthcare book.
  • Retail: Our retail clients have seen a unique blend of exposures, as they regularly handle a significant amount of customer data while using social media and influencers, relying on third-party vendors to deliver their products and AI on their websites and at distribution centers.
  • Construction: Ransomware continues to impact the construction and architects & engineers industry classes, particularly in the small and middle market space. Wire transfer fraud is the most problematic exposure in this industry class and impacts all sized companies.
  • Manufacturing: More companies are grappling with how to protect Operational Technology (OT) systems, which if left vulnerable, can lead to large business interruption claims and Information Technology (IT) systems being affected during an incident.  Carriers are becoming more interested in collecting OT specific underwriter information, including whether OT and IT networks are properly segmented to prevent lateral movement should a bad actor infiltrate one system or the other.
  • M&A: Organizations are lately focused on industry-specific enhancements and a more efficient process/approach to writing portfolio companies, which carriers have been willing to accommodate.
  • Higher education: Underwriter scrutiny around End of Life (EOL) systems has ramped up based on the custom software used by many educational institutions. Carriers want to see protections in place or the replacement of these systems with something more secure.

Global cyber rate change through December 2023


Willis Towers Watson hopes you found the general information provided in this publication informative and helpful. The information contained herein is not intended to constitute legal or other professional advice and should not be relied upon in lieu of consultation with your own legal advisors. In the event you would like more information regarding your insurance coverage, please do not hesitate to reach out to us. In North America, Willis Towers Watson offers insurance products through licensed entities, including Willis Towers Watson Northeast, Inc. (in the United States) and Willis Canada Inc. (in Canada).


Jason Warmbir
Head of NA Cyber/E&O

FINEX NA Cyber Thought & Product Coverage Leader

Contact us