image

Cyber REDY® Index Q3 2024

The REDY Index leverages CRC Group’s collection of actionable data – the wholesale industry’s largest. It provides critical pricing analysis monthly, giving you a snapshot of the marketplace. The REDY Index generates instant intelligence on pricing trends by industry or coverage, enabling our retail partners to set accurate data-driven expectations with their clients. Removing the guesswork empowers CRC team members to negotiate competitively, consistently producing better outcomes, better deliverables, and better results.

 

CYBER REDY® INDEX - October 2024
MONTHLY RENEWAL PRICING ANALYSIS

PROPERTY REDY INDEX October 2023 MONTHLY RENEWAL PRICING ANALYSIS

Results displayed above reflect average CRC Group Cyber renewal pricing changes by month (over the previous 12 months). Results are limited to brokerage accounts that renewed in the same month as the prior year with the same total account limits. To remove outliers, the top and bottom 1% of accounts by YoY % change have been removed, as well as the top and bottom 1% of accounts by rate online (Premium/Limit*100). The REDY Index is intended for educational purposes only as individual accounts typically differ from average pricing trends.

CYBER EMERGING ISSUES

  1. The exposure around lawsuits for violation of data privacy laws not connected to cyberattacks is growing significantly. The availability of coverage for these lawsuits varies wildly in the cyber market, and it is important to work with a specialist broker to ensure clients maintain appropriate coverage for their specific exposures.
  2. Claims studies show that both ransomware and business email compromise / social engineering attacks continue to rise. Current soft market conditions cannot continue in perpetuity with rising claims. We expect some hardening, or at least stabilization in the market, but likely not until 2025.
  3. While security requirements vary by size and class of business for individual risks, the starting point for nearly all risks are MFA for remote access and email, offline backups, employee training on security and phishing issues and dual authorization for wire transfers. As clients grow in size, MFA for all privileged account log ins, next-generation anti-virus protection with EDR, email filtering solutions, and tested backup plans are required. For the largest and most complex risks, the use of a security incident and event management (SIEM) as well as a security operations center (SOC) are preferred, and even mandated in certain cases.
  4. Attacks against single points of failure have increased for entire industries such as Change Healthcare and CDK. Given the impact to hundreds if not thousands of clients, the structure of dependent business interruption is more important than ever. Even traditional business interruption claims are experiencing a rise in both tail exposures for complex BI claims and liability claims after cyberattacks.
  5. Difficult cyber classes that require a specialist cyber broker include manufacturing, architects/engineering firms, healthcare, real estate, collection agents, title/escrow, municipalities, schools, managed service providers, utilities, law firms, technology (including game developers/ distributors), and any risk with a high number of PII or PHI records.