Skip to main content
Survey Report

Insurance Marketplace Realities 2020 Spring update – Cyber risk

Cyber Risk Management
COVID 19 Coronavirus

May 7, 2020

Given the dramatic increase in ransomware incidents, organizations should be proactive in assessing their cyber resilience.
Rate predictions
  Trend Range
Cyber Increase +10% to +15%

Key takeaway

Given the dramatic increase in ransomware incidents, both in frequency and magnitude across all industries over the past year, organizations should be proactive in assessing their cyber resilience and be able to demonstrate this resilience to underwriters.

Primary and excess cyber renewals are now averaging premium increases in the mid- to upper-single digits.

  • Heavily exposed industries are likely to see increases on the higher side of our predicted 10% – 15% range: health care, higher education, public entities, manufacturing, financial institutions, construction, and large media and technology companies.
  • The explosion of ransomware losses in 2019 has had a direct impact on premiums. The severity has jumped from $500,000 or less per loss to well over $1,000,000 per loss.
  • As incidents and losses mount, carriers have been reevaluating their positions in large towers and looking more closely at rates in perceived burn layers.
  • Carrier strategy regarding excess layers revolves around obtaining adequate premium for perceived risk. There is less competition to get on excess towers, especially if pricing is considered too thin.
  • While some cyber towers may still maintain a rate per million under $10K/M, the excess markets are looking to increase their rate per million to $8K to $13K, but that could fluctuate up or down based on attachment point and risk.

Cyber capacity is starting to tighten, as losses continue to rise.

  • According to the 2019 Cost of a Data Breach Study from the Ponemon Institute and IBM Security, the average cost of a data breach is now $3.92M, a 1.5% increase over 2018 and a 12% increase over the last five years. Costs remain highest in the U.S., where the average price tag for a data breach was $8.19M, more than twice the global average. Health care was again the most expensive industry, with data breach costs in 2019 averaging $6.45M.
  • The human element continues to be the leading cause of cyber loss, contributing to 63% of the claims included in our 2019 Reported Claims Index.
  • Given some recent high-profile breaches, clients need to be aware of potential issues related to M&A activity. Companies should engage their IT staff early in the acquisition process to evaluate risks. The potential for reputational and financial harm from an incident could undermine the true value of a deal.
  • Certain carriers are adjusting their ransomware coverage appetites and considering sublimits and co-insurance alternatives.
  • Claims and losses related to the coronavirus pandemic are expected, as malicious cyber infections disguised as documents related to the health crisis have been reported in the U.S. and Canada. Organizations may be more vulnerable than usual, as employees work remotely through potentially less secure networks with less secure hardware.

Coverage continues to evolve and expand to cover regulatory risk, reputational damage, forensic accounting and gap exposures.

  • The E.U. General Data Protection Regulation (GDPR) went into effect in May 2018, and the California Consumer Privacy Act will go into effect this year. We have seen cyber markets more affirmatively address coverage for claims stemming from these regulations. Markets are also offering expanded wrongful collection and compliance coverage largely in response to these rules.
  • Other coverage expansions include forensic accounting coverage, reputational damage coverage and invoice manipulation provisions in certain industries.
  • Business interruption/system failure continues to be an area of concern for underwriters. Heavily exposed industry classes, such as aviation, manufacturing and transportation, have seen increased underwriting scrutiny. While coverage remains available, certain industries face significant premium increases.
  • Cyber underwriters are working more closely than ever with their counterparts in other lines to address silent cyber coverage. Carriers are withdrawing or limiting cyber coverage in non-cyber insurance lines due to concern over aggregation.

Carriers are growing increasingly sophisticated in their underwriting.

  • Insurers are exploring partnerships with InsurTech and FinTech firms in an effort to gather and optimize exposure data and to enable underwriters to assess how organizations and their employees handle sensitive data. Underwriters want to understand an organization’s cyber culture; this can offer opportunities for buyers to differentiate themselves if they are developing holistic approaches to cyber risk across people, capital and technology.
  • Carriers are starting to require ransomware supplemental applications given the spike in ransomware losses and are underwriting wrongful collection coverage more vigorously.


Each applicable policy of insurance must be reviewed to determine the extent, if any, of coverage for COVID-19. Coverage may vary depending on the jurisdiction and circumstances. For global client programs it is critical to consider all local operations and how policies may or may not include COVID-19 coverage. The information contained herein is not intended to constitute legal or other professional advice and should not be relied upon in lieu of consultation with your own legal and/or other professional advisors. Some of the information in this publication may be compiled by third party sources we consider to be reliable, however we do not guarantee and are not responsible for the accuracy of such information. We assume no duty in contract, tort, or otherwise in connection with this publication and expressly disclaim, to the fullest extent permitted by law, any liability in connection with this publication. Willis Towers Watson offers insurance-related services through its appropriately licensed entities in each jurisdiction in which it operates. COVID-19 is a rapidly evolving situation and changes are occurring frequently. Willis Towers Watson does not undertake to update the information included herein after the date of publication. Accordingly, readers should be aware that certain content may have changed since the date of this publication. Please reach out to the author or your Willis Towers Watson contact for more information.

Contact Us

Related Capabilities