The cyber market is improving from previous quarters, with flat renewals and rate reductions becoming common. This is especially true for those who have made IT security improvements. Excess rates are decreasing, which has a strong positive impact on buyers of layered programs. For now, most insureds will likely see a 10% decrease to a 10% increase on primary layers. Those with claims and deficient controls will possibly see higher increases, and those with significantly improved controls will be able to save more.  

Carriers who previously only offered excess or excess layers at a high rate could drop to lower levels, positively impacting excess pricing. New market capacity is available to provide competition and fills gaps.  

Cyber Claims Trends

Ransomware claims frequency decreased through 2022. However, the market saw a rise in ransomware claims in Q1 of 2023. Should ransomware claims continue to increase in frequency through Q2, there is potential for rates to trend upward. While ransomware claims often demand an extortion payment from the organization whose assets have been encrypted, triple extortion is a new trend that puts additional pressure on organizations to pay the ransom demand. Triple extortion demands payment using three types of threats: data encryption, threatening to leak sensitive information and threatening involved third parties.  

Privacy claims have increased in frequency, specifically those related to pixel technology and biometric data. Business email compromise incidents continue to lead the industry as the most frequent type of claim. As the U.S. economy prepares for a potential recession, activities such as large company layoffs could create a vulnerability for bad actors to exploit.  

It will be essential for organizations to ensure multi-factor authentication controls remain in place and accessibility to private company information is immediately removed for terminated employees. With tax season, we often see spikes in W2 theft incidents. Companies are urged to be diligent in their privacy controls and security training to avoid potential employee privacy issues.  

Capacity Increases and Growing Competition 

The market has continued to see additional capacity enter the marketplace, with more and more carriers offering $10M on a single layer, as opposed to the previous maximum limits of $3M or $5M and $50M or more from new players. With rates trending down, underwriters are under significant pressure to maintain their renewals and compete on new business, a stark contrast from the last 6-18 months.

Coverage Limitations

Carriers are trying to protect financial stability by limiting their risk transfer for potential catastrophic events. Those events could be cyber terrorism, state-sponsored attacks or other widespread events.  

While the strict war exclusions were first seen mandated in the London market, several carriers in the domestic marketplace have added new war exclusion language intending to exclude cyber terrorism claims associated with war. Widespread events, such as log4J, SolarWinds or Kaseya, potentially pose threats similar to war-like actions, and carriers have begun limiting their exposure to these events.  

Customers with unfavorable security postures could see coverage limitations specific to ransomware. However, in the current market, carriers are more willing to provide value-added services to help improve their security posture.  

Property & Casualty Team