Demand is rising, threats are shifting, and insurers are scrambling to keep up
Ransomware’s surge around 2020 didn’t just trigger a spike in claims—it permanently reshaped how cyber insurance is priced, sold, and understood.
“Pricing was very, very cheap,” said Matthew Danielak (pictured), head of broking, FINEX Cyber / E&O, North America at Willis, a WTW business. “That was more of a blip on the radar in the company’s overall spend.” But after ransomware attacks became widespread, insurers and buyers could no longer treat cyber coverage as optional.
“It forced the industry to mature quickly,” Danielak said. Until then, the market had little meaningful data to work from. “Many of our other lines had decades of claims data. We didn’t. We had kind of the one-offs and the big headline grabbers—the Home Depots, the Targets, the TJXs. But those were the one-offs instead of the norm.”
Once attackers started targeting organizations of every size and industry, the market shifted. “If you had a computer system, you needed this type of insurance because you were susceptible,” he said.
Cyber coverage moved into the boardroom
Executives who once ignored cyber spend are now involved in coverage decisions. “C-suites are now focused on, do we have this coverage? How much coverage do we have? How much are we spending?” said Danielak. “Companies are spending significant amounts now to make sure they’re protected.”
He noted a clear change in buyer behavior. Where cyber once played a small, sometimes symbolic role in risk strategy, it’s now central to operational resilience.
That shift has attracted an influx of new carriers over the past five to six years – from long-time underwriters to MGAs targeting mid-market and small business segments. “A lot of companies look at it as a growth engine,” he said. “It’s moving at a rapid pace and it’s hard to keep up with because what’s relevant and applicable today could be very, very different in a week’s time or a month’s time.”
Buyers want deeper insight, not just limits
As exposure levels grow and insurance becomes a key contract requirement for many businesses, policyholders are no longer content to buy on price alone. “Clients are trying to get smarter,” Danielak said. “They’re looking to us as brokers and third parties to help them with risk quantification and risk assessment.”
They’re also under more pressure from their own partners. “Most companies are utilizing third-party vendors for critical business functions,” Danielak said. “It entails a significant amount of data – very sensitive information.” That’s increased scrutiny across vendor relationships and driven demand for higher cyber limits.
Budget remains a factor. Not all buyers can afford the coverage they’d ideally want, but many are increasing limits incrementally at each renewal. “They might not be able to buy exactly how much they want, but they are exploring additional limits,” he said.
Carriers are split on how to address AI and deepfakes
Emerging threats like AI-fueled attacks and deepfakes have sparked an uneven response across the insurance market. Some carriers are offering affirmative coverage or issuing targeted endorsements, while others are holding back.
“They want to try and get their arms around what the risk landscape is and what the actual exposures or potential financial liabilities could be,” said Danielak. “Rather than just jumping out and putting out press that they’ve got coverage here, they’ll rely on the base policies that they have.”
For now, most base wordings are broad enough to respond to standard cyber claims, including regulatory actions and ransomware. But Danielak warned that perception matters. “If you lag or you’re slow, you could have a perception that you don’t want to cover, or it’s not covered in your policy.”
Still, rushing to cover emerging risks carries its own complications. “We might be just coming up on addressing what we are seeing now, and it might all be a thing of the past in a couple months’ time,” he said.
Blurring lines between cyber and other policies
As threat actors find new ways to weaponize digital infrastructure, insurers are confronting cross-line exposures – cyber incidents that cause physical damage, bodily injury, or business interruption outside traditional definitions.
Danielak pointed to efforts from Lloyd’s and others to reduce “silent cyber” across policies like property, cargo, and casualty. In doing so, they’re drawing harder lines around what belongs in a cyber policy. “We’re seeing hard and fast exclusions put on,” he said. “Much of what we’re hearing in different lines is: that is not a property peril.”
That’s prompted cyber underwriters to request more information, including property and operational risk data, to properly assess physical damage or contingent exposures. The goal, Danielak said, is to remove ambiguity – and avoid coverage gaps.
“It’s going to be more of a blend,” he said, describing a future where brokers, carriers, and clients work across lines to ensure “policies really aren’t leaving any gaps but clearly identifying where coverage should be found.”
Related Stories
LATEST NEWS
