Cyber Market Update | Q1 2022

Property & Casualty

Cyber Market Update

Q1 2022: Not Yet Through the Hard Market

The intensifying hard market conditions of the second half of 2021 will likely carry into the first and second quarter of 2022. Q1 of 2022 will see cyber markets looking to adjust their first half of the year books to reflect the level of rates and capacity they sought in the second half of last year, and emphasis will continue on underwriting and controls. However, the inversion of the capacity curve and rate per million curve will begin to flatten as we move through the end of the first quarter and into the second quarter. Insureds renewing in 01 2022 should expect premium increases beginning in the 100% range and will need to work closely with their chief information security officers and IT security professionals to address vulnerability concerns of underwriters. Starting early in the process with your cyber risk professional and addressing these areas prior to approaching underwriters will have positive impacts on helping to reduce premium increases, maximize market capacity and eliminate reductions in your coverage such as sub-limits for ransomware, co-insurance and exclusions for dependent networks.

A Closer Look at the Market

Capacity (Limits)

  • Major markets have reduced their maximum lines to $10M and more commonly only offering $5M or $2.5M.
  • The London market has recently experienced capacity constrictions, with many unable to offer new or renewal options.
  • A small number of carriers have exited the market, many due to lost reinsurance backing.


  • Increases of 100%+ have become the baseline.
  • It is not uncommon to see increases up to 300% with no material changes in exposure.
  • Expect further increases for accounts with recent losses or less than fully mature IT security controls.

Retentions and Co-Insurance

  • Markets are requiring retention increases of up to 1,000% depending on controls, company size and business operations.
  • Many markets require co-insurance and a sublimit for ransomware and contingent business interruption.
  • Waiting periods are increasing from hours to days.


  • Media, wrongful collection of information, biometrics and contingent business interruption coverages are being limited.
  • Coverages that can be viewed as outside of the scope of pure cyber have started to be restricted.
Cyber Risk Team