The REDY Index leverages CRC Group’s collection of actionable data – the wholesale industry’s largest. It provides critical pricing analysis monthly, giving you a snapshot of the marketplace. The REDY Index generates instant intelligence on pricing trends by industry or coverage, enabling our retail partners to set accurate data-driven expectations with their clients. Removing the guesswork empowers CRC team members to negotiate competitively, consistently producing better outcomes, better deliverables, and better results.
CYBER REDY® INDEX - April 2023
MONTHLY RENEWAL PRICING ANALYSIS
The Cyber Liability market is starting to soften after nearly 3 years of large increases, with changes in underwriting requirements and an overall market correction. While renewal premiums are starting to flatten or see slight decreases to retain business with strong controls, accounts with poor controls or operating in higher-risk industry classes should still expect minor premium increases and underwriting scrutiny of security posture at times. For new business or higher capacity needs, 2023 is proving to be a much easier year to place new coverage and capacity, but underwriters will be seeking strong controls and security posture for tougher classes of business. Underwriters may be more willing to craft policies with minor restrictions for those risks with poorer controls, but tougher risks can still be placed successfully.
CYBER EMERGING ISSUES
- Most underwriters are requiring a completed ransomware application, multi-factor authentication, and fully implemented cybersecurity measures before binding new and renewal accounts. However, this is trending toward a loosening of stringent control requirements for smaller risks.
Acceptable cybersecurity measures include a segregated backup solution, next-generation anti-virus protection with EDR, email filtering solution, MFA for privileged users, email, remote network access, and proper phishing training for all employees.
Cyber insurers are noting a continued trend in ransomware claims. Attacks are increasingly primarily involving the exfiltration of the insured’s data with a corresponding extortion demand. If not paid, the attacker indicates data will be made public or sold on the dark web.
- Difficult cyber classes include healthcare, real estate, collection agents, title/escrow, municipalities, schools, managed service providers, utilities, law firms, technology, including game developers/distributors, and any risk with a high number of PII or PHI records.
- Watch out for ransomware (extortion) sublimits including co-insurance, social engineering callback requirements, cybercrime that excludes third-party funds (escrowed), short periods of restoration, or indemnity from business income and/ or reputational harm-related losses , and Widespread Event sublimits. Also keep an eye on Cyber War, BIPA, Biometric, Online Tracking & Wrongful Collection exclusions.