Is There Light at the End of the Tunnel?

In late 2020, after years of soft market conditions, the cyber insurance market abruptly entered a hard market. A significant increase in frequency and severity of ransomware attacks and cybercrime between 2019 and 2020 sent the market into a tailspin. Cyber insurers reacted swiftly in an attempt to stabilize loss ratios.

By January 2021, cyber insurance premiums were skyrocketing for companies of all sizes in all industry verticals. In addition to premium increases, retentions were doubling and tripling, capacity was reduced, coverage was tightened, and the underwriting of cyber risks became highly technical and complex. The cyber insurance market was in a dark place.

As we enter the last quarter of 2022, we are beginning to see some breaks of light. It would be far too ambitious to say the market is “softening”, but there are signs of stabilization. Here is what you need to know about the cyber insurance market today:

Rates Stabilizing… Sort Of

Although premium increases on primary layers still exist, those increases are generally coming in at lower levels than we have seen in the previous 18-24 months. Additionally, there is increased competition on excess placements which often leads to pricing decreases on excess layers.

It is important to keep in mind that rate increases still vary widely based on company size, industry, claim activity and extent of security controls. Large organizations and certain industry sectors are still struggling with significant increases.

Capacity Reemerging

For the first time in almost two years, carriers are reemerging with offers of $10 million limits on primary layers, along with pricing that (in some instances) matches pre-hard market rates.

New players are emerging with unique approaches to cyber risk transfer and existing players are resurfacing and competing on excess layers more frequently.

Still Looking For Skin in the Game

Most cyber insurers still rely on high retentions and deductibles as a way of spreading the risk with the policyholder. However, today, a high retention is more likely to be accompanied by a premium credit of some sort.

Sharpening The Pencil on Coverage

Cyber insurance coverage is still relatively tight and getting even tighter. Cyber insurers are sharpening their pencils when it comes to coverage. Recent court decisions, coupled with global-political tension and instability is causing insurers (cyber and otherwise) to revise War Exclusions

and exceptions for Cyber Terrorism. Many cyber insurers are also seeking to limit exposure to systemic risk by adding exclusionary or limiting wording to cyber policies. In addition, some insurers are slowly pulling away from certain “crime” related coverages such as Social Engineering Fraud.

Multi-Factor Authentication: Enhanced Underwriting

Technical underwriting has not changed one bit! In fact, underwriting questions are even more comprehensive and technical in nature. Basic security controls that became the standard for “insurability” two years ago are still very much a requirement. The good news is competition is heating up for risks that meet the “insurability” standard.

In addition to the emphasis on security controls, insurers are increasingly focused on less tangible criteria such as:

  • Meaningful Security Awareness Training: How current is your training material? Do your security awareness trainings incorporate current tactics being used by cybercriminals?
  • Incident Response Readiness: How prepared are you to respond to an incident? Do you have Incident Response Playbooks? Have you tested them?
  • Data Privacy: Are your business practices compliant with current data privacy regulations?

Market Saturation Intensifies

When cyber insurance first shifted to a hard market, most insurance brokers began conducting full marketing exercises on most accounts in an attempt to achieve the best possible price and terms for clients. At about the same time, the demand for cyber insurance increased significantly. Full marketing together, with increased demand for cyber insurance, resulted in a literal tidal wave of applications directed at cyber underwriters. This is still the case today; however, the increase in competition on risks is creating even more strain on cyber underwriters given it takes more time to offer terms on a risk than it does to decline a risk.

Although the cyber insurance market is still quite challenging, we are seeing some peaks of light suggesting a level of stabilization that we have not seen in almost two years. Cyber risk is perhaps the most dynamic risk the insurance market has seen to date. The threat landscape evolves at an incredibly rapid rate. The rapid shifts in the risk environment push cyber insurers to pivot and frequently reassess underwriting requirements, pricing and terms. There is no suggestion that will change.

Kelly Geary
Kelly GearyNational Executive Risk & Cyber Practice Leader
Kelly Geary, Esq., CIPP US, is a Managing Principal with EPIC based in the New York City area. In addition, she serves as the National Practice Leader – Executive Risk and Cyber/Professional Services and Coverage Counsel & Claims Leader for Lemme, a division of EPIC.

©2022 Edgewood Partners Insurance Center. All rights reserved. | CA License: 0B29370, URL: (November, 23, 2022)

More news @Trust Risk Control