Cyber Market Update | Q1 2022

Property & Casualty

Cyber Market Update

Q1 2022: Not Yet Through the Hard Market

The intensifying hard market conditions of the second half of 2021 will likely carry into the first and second quarter of 2022. Q1 of 2022 will see cyber markets looking to adjust their first half of the year books to reflect the level of rates and capacity they sought in the second half of last year, and emphasis will continue on underwriting and controls. However, the inversion of the capacity curve and rate per million curve will begin to flatten as we move through the end of the first quarter and into the second quarter. Insureds renewing in 01 2022 should expect premium increases beginning in the 100% range and will need to work closely with their chief information security officers and IT security professionals to address vulnerability concerns of underwriters. Starting early in the process with your cyber risk professional and addressing these areas prior to approaching underwriters will have positive impacts on helping to reduce premium increases, maximize market capacity and eliminate reductions in your coverage such as sub-limits for ransomware, co-insurance and exclusions for dependent networks.

A Closer Look at the Market

Capacity (Limits)

  • Major markets have reduced their maximum lines to $10M and more commonly only offering $5M or $2.5M.
  • The London market has recently experienced capacity constrictions, with many unable to offer new or renewal options.
  • A small number of carriers have exited the market, many due to lost reinsurance backing.


  • Increases of 100%+ have become the baseline.
  • It is not uncommon to see increases up to 300% with no material changes in exposure.
  • Expect further increases for accounts with recent losses or less than fully mature IT security controls.

Retentions and Co-Insurance

  • Markets are requiring retention increases of up to 1,000% depending on controls, company size and business operations.
  • Many markets require co-insurance and a sublimit for ransomware and contingent business interruption.
  • Waiting periods are increasing from hours to days.


  • Media, wrongful collection of information, biometrics and contingent business interruption coverages are being limited.
  • Coverages that can be viewed as outside of the scope of pure cyber have started to be restricted.
Cyber Risk Team

DISCLAIMER: Brown & Brown, Inc. and all its affiliates, do not provide legal, regulatory or tax guidance, or advice. If legal advice counsel or representation is needed, the services of a legal professional should be sought. The information in this document is intended to provide a general overview of the topics and services contained herein. Brown & Brown, Inc. and all its affiliates, make no representation or warranty as to the accuracy or completeness of the document and undertakes no obligation to update or revise the document based upon new information or future changes.