Skip to main content
main content, press tab to continue
Survey Report

Insurance Marketplace Realities 2025 – Cyber risk

October 4, 2024

Market stabilization has continued through the third quarter of 2024, even in the face of an ever-expanding threat landscape.
|Financial, Executive and Professional Risks (FINEX)
N/A
Rate predictions: Cyber risk
  Trend Range
Cyber risk Flat, (Neutral decrease) -5% to flat

We are currently seeing flat primary and excess cyber renewals and, in some instances, even decreases, and capacity continues to be readily available.

  • Premium stabilization has continued through the third quarter of 2024. Increases, if any, are typically seen by those organizations that cannot demonstrate strong ransomware controls.
  • Underwriting decisions are heavily influenced by the security controls a company has in place in conjunction with pricing and attachment points.
  • Competition is strong among markets and certain risks may receive multiple quotes. Incumbents are eager to retain business.
  • Increased limit factors (ILFs) have come down in excess placements due to intense competition, especially on large towers, where there have been significant premium decreases.
  • Capacity is plentiful in the market, and carriers are pushing to increase their participation back to $10 million blocks on programs.
  • Many policyholders are electing either to purchase additional limits or lower retentions when there are premium savings on renewals.
  • We are seeing carriers more willing to underwrite to the gray area between yes/no within the applications.

Despite organizations taking more precautions to increase their cyber security, ransomware attacks show no sign of slowing down.

  • According to Coveware, while median ransom payments fell 32% between Q1 and Q2 of 2024, the average ransom payment rose 2.4% during the same period.
  • More groups are conducting ransomware attacks and ramping up pressure on alleged victims, as the number of ransomware groups posting to data leak sites increased 67% during the six-month period ending in June (Rapid7 Ransomware Radar Report 2024).
  • Ransomware affected 59% of organizations in 2024 (Sophos The State of Ransomware 2024).

Markets continue to grapple with how to address claims and losses that may result from state-sponsored cyber-attacks, as well as exposures stemming from wrongful collection, the use of artificial intelligence and new SEC rules.

  • There are a wide variety of approaches to wrongful collection coverage, as markets assess how biometric information legislation, as well as chat bot and meta pixel litigation, increased exposure to certain organizations.
  • A recognition of how organizations are using AI, the extent of the new risks associated with the technology and an examination of where coverage for these exposures lie continues to be a theme in 2024.
  • Although the threat of cyber warfare continues to be a concern, more markets are showing flexibility when it comes to war exclusions, recognizing that clients have varying opinions on the options available.
  • In light of new SEC rules adopted in 2023, requiring that public companies disclose cyber security breaches within four days after a determination of a material incident, we are seeing several markets offering sub-limited coverage for SEC disclosure costs.

Specific industry trends

  • Financial institutions: The Moveit transfer application vulnerability had a significant impact on this industry, since more than 30.86% of the hosts running the application were financial services organizations. Hard market corrections were made to this class in the prior year, so decreases are flattening. FIs are generally viewed as better risks than other industry classes, so there tends to be more competition among markets for this business. Further, according to Parametrix, a modeling and insurance services firm, Fortune 500 companies in the banking industry will suffer the second largest direct financial loss ($1.149 billion) due to the CrowdStrike incident.
  • Healthcare: In February, we saw the real-time devasting consequences of a ransomware cyber-attack on a large healthcare organization, as well as the downstream impact to the network of healthcare providers relying on that organization to process claims and make payments. As the extent of this event is still unknown, it will take time for carriers to understand fully what pricing or coverage adjustments, if any, need to be made to their healthcare book. Further, according to Parametrix, Fortune 500 companies in the healthcare sector will suffer the largest direct financial loss ($1.938 billion) due to the CrowdStrike incident.
  • Retail: Our retail clients have seen a unique blend of exposures, as they regularly handle a significant amount of customer data while using social media and influencers, which involves reliance on third-party vendors to deliver their products and AI on their websites and at distribution centers.
  • Construction: Ransomware continues to impact the construction and architects & engineers industry classes, particularly in the small and middle market space. Wire transfer fraud is the most problematic exposure in this industry class and impacts all sized companies.
  • Manufacturing: More companies are grappling with how to protect operational technology (OT) systems, which, if left vulnerable, can lead to large business interruption claims and information technology (IT) systems being affected during an incident. Carriers are becoming more interested in collecting OT-specific underwriting information, including whether OT and IT networks are properly segmented to prevent lateral movement should a bad actor infiltrate one system or the other.
  • M&A: Organizations are lately focused on industry-specific enhancements and a more efficient process/approach to writing portfolio companies, which carriers have been willing to accommodate.
  • Higher education: Underwriter scrutiny around end of life (EOL) systems has ramped up based on the custom software used by many educational institutions. Carriers want to see protections in place or the replacement of these systems with something more secure.

Disclaimer

Willis Towers Watson hopes you found the general information provided in this publication informative and helpful. The information contained herein is not intended to constitute legal or other professional advice and should not be relied upon in lieu of consultation with your own legal advisors. In the event you would like more information regarding your insurance coverage, please do not hesitate to reach out to us. In North America, Willis Towers Watson offers insurance products through licensed entities, including Willis Towers Watson Northeast, Inc. (in the United States) and Willis Canada Inc. (in Canada).

Contacts


Jason Warmbir
Head of FINEX Cyber & Tech

FINEX NA Cyber Thought & Product Coverage Leader

Contact us