Business Insurance explainer

Why Cyber Insurance Premiums Have Risen So Sharply

Upward trending graph illustrating sharp rise in cyber insurance premium costs against digital network backdrop

Key Takeaways

  • Ransomware attacks skyrocketed between 2019 and 2022, driving massive insurer losses that triggered market-wide premium hikes.
  • Cyber insurance is still a young line of business, meaning pricing is more volatile than established insurance classes.
  • Insurers are now demanding better security controls — businesses with weak hygiene face the steepest increases or outright declinations.
  • Reinsurance cost increases have amplified the premium surge, as primary insurers pass their own rising costs downstream to policyholders.
  • Businesses that invest in documented security practices, MFA, and incident response plans can meaningfully reduce their renewal premiums.
  • The market has shown signs of stabilization in late 2023–2024, but rates remain significantly elevated compared to pre-2020 levels.

Cyber Insurance Premium Surge

Cyber insurance premiums have increased sharply over the past several years due to a combination of rising claims frequency, catastrophic ransomware losses, and a market-wide reassessment of how risky digital operations actually are. Insurers across the industry have repriced coverage to reflect the true cost of breaches, which routinely run into millions of dollars. This isn't a temporary blip — it reflects a structural shift in how the insurance market values cyber risk.

The cyber insurance market is still considered 'immature' compared to lines like property or general liability, meaning historical loss data is limited and actuarial models are still being refined — a key driver of pricing volatility.

The Loss Explosion That Changed Everything

To understand why your cyber renewal quote looks the way it does, you need to start where insurers started: with the loss experience. Between 2019 and 2022, ransomware claims didn't just increase — they exploded. Threat actors shifted from targeting individuals to systematically attacking businesses, hospitals, municipalities, and critical infrastructure with sophisticated, high-demand ransomware variants. Insurers who had been pricing cyber policies based on the relatively benign loss history of the mid-2010s suddenly found themselves absorbing claims that bore no resemblance to their actuarial models.

The numbers tell a stark story. Ransomware payments increased by over 300% between 2019 and 2020 alone, according to cybersecurity firm Chainalysis. Major incidents — Colonial Pipeline, JBS Foods, Kaseya — demonstrated that a single attack could generate hundreds of millions of dollars in downstream losses. For insurers, these weren't just large individual claims. They were correlated losses, meaning many policyholders were hit simultaneously by the same attack vector or the same software vulnerability.

Global network map showing ransomware attack spreading across interconnected business nodes with red warning indicators
Ransomware's ability to affect thousands of organizations simultaneously creates 'correlated loss' — insurance's biggest pricing challenge.

The concept of correlated loss is central to understanding why cyber premiums moved the way they did. Most insurance lines deal with largely independent risks — a fire at one building doesn't cause fires at every building the insurer covers. Cyber risk doesn't work that way. A critical vulnerability in widely-used software, or a sophisticated supply chain compromise, can affect thousands of organizations at once. That systemic exposure fundamentally changes how much capital insurers need to hold in reserve, and by extension, how much they need to charge.

300%+

Increase in ransomware payments, 2019–2020

According to Chainalysis blockchain analytics research tracking ransomware payment volumes across the same period.

$4.45M

Average cost of a data breach in 2023

IBM's Cost of a Data Breach Report 2023, based on research across 553 organizations globally.

74%

Cyber premium rate increase in 2021

Council of Insurance Agents & Brokers (CIAB) reported commercial cyber premiums increased an average of 74% in Q4 2021.

11%

Average rate decrease for well-qualified risks in 2024

Marsh's Global Insurance Market Index reported cyber rate decreases for some buyers with strong security controls in 2024.

82%

Of breaches involved a human element

Verizon's 2023 Data Breach Investigations Report, underscoring why insurers weight employee training so heavily in underwriting.

How Insurers Responded: Tighter Terms, Higher Rates

When losses outpace premiums badly enough, insurers have two options: exit the market or reprice. Most chose to reprice aggressively while simultaneously tightening policy terms. This combination hit businesses from both directions — paying more while receiving coverage that was, in some respects, narrower than what they had before.

The most significant change on the terms side was the near-universal introduction of ransomware sublimits and coinsurance requirements. Where policies had previously covered ransomware losses at full policy limits, insurers began capping ransomware payouts at a fraction of the total limit — often 50% or less — unless the business could demonstrate specific security controls. Coinsurance requirements meant businesses had to absorb a portion of any ransomware loss themselves, even with coverage in place.

The 'Silent Cyber' Problem

Before the market hardening, many businesses had unknowing cyber coverage embedded in general liability, property, and commercial crime policies — what insurers called 'silent cyber.' As losses mounted, insurers systematically removed or clarified cyber coverage in non-cyber policies, forcing businesses to purchase standalone cyber coverage they hadn't previously needed. This contributed to the demand surge that further tightened market capacity. If you're relying on a general liability policy to cover a data breach, review the exclusions carefully — that coverage almost certainly no longer exists.

Underwriting questionnaires also became dramatically more detailed. Prior to 2020, many cyber applications were brief, asking basic questions about company size and the type of data handled. By 2022, carriers were requiring detailed answers about multi-factor authentication deployment, backup strategies, endpoint detection tools, and incident response planning. See how underwriters assess cyber risk when pricing a policy for a full breakdown of what those questionnaires are looking for and why each control matters to pricing.

Businesses that couldn't demonstrate adequate controls faced three outcomes: steep premium increases, reduced limits, or outright declination. The market effectively bifurcated — companies with mature security practices were able to secure coverage at rates that were high but manageable, while businesses with weak hygiene found coverage increasingly difficult to obtain at any price.

Benchmark Before You Renew

Ask your broker to provide a market benchmark showing how your premium compares to similar businesses in your industry and revenue range. Significant deviation from benchmark — in either direction — warrants explanation. If you're paying well above benchmark without a clear reason tied to your specific risk profile or claims history, you may have room to negotiate or shop the coverage.

Document Controls Before Application Submission

Don't wait for the underwriting questionnaire to think about your security controls — document them proactively before renewal season. Written evidence of MFA deployment, backup testing logs, and completed employee training records gives your broker concrete material to present to underwriters. Applications supported by documentation consistently receive better pricing than identical answers without supporting evidence.

The Reinsurance Multiplier Effect

There's a layer of the insurance market most policyholders never think about: reinsurance. Reinsurers are the companies that insure insurance companies, absorbing a share of losses in exchange for a share of premiums. When primary insurers face catastrophic losses, reinsurers absorb a significant portion — which means reinsurers were also taking punishing losses from the ransomware surge.

The reinsurance market's response was swift and severe. Reinsurers reduced their capacity for cyber risk, increased their own rates substantially, and introduced restrictive terms of their own — including exclusions for losses arising from state-sponsored cyberattacks, a clause that became widely known as the war exclusion and sparked significant controversy and litigation in the Lloyd's of London market.

Diagram illustrating the three-tier relationship between policyholders, primary insurers, and reinsurance companies showing premium and capacity flows
Reinsurers absorb risk from primary insurers — when reinsurance costs rise, those increases flow directly to policyholders.

When reinsurance capacity shrinks or becomes more expensive, primary insurers have no choice but to reduce the coverage they offer and charge more for it. This multiplier effect amplified the premium increases beyond what primary loss trends alone would have justified. A business owner renewing in 2022 was effectively paying not just for their own risk, but for the tightened reinsurance market that their insurer was navigating simultaneously.

This dynamic is worth understanding because it explains why premium increases weren't uniform across the market. Carriers with better reinsurance arrangements, or those who had been more disciplined in their underwriting during the growth years, were able to moderate their rate increases. Carriers with worse reinsurance positions or higher loss ratios had to increase rates more dramatically. Your broker's ability to identify the carriers in stronger positions mattered a great deal during peak hardening.

Industry-Specific Exposure and Its Effect on Pricing

Not all industries saw the same premium trajectory. Sectors with higher inherent risk — healthcare, financial services, legal, and retail — faced the steepest increases because their loss experience was disproportionately bad. Healthcare organizations, in particular, were targeted aggressively during the pandemic, when systems under strain were less capable of defending against attacks and the pressure to restore operations made paying ransoms more likely.

Industries that face the highest cyber liability exposure vary in the specific nature of their risk, but share common characteristics: they hold large volumes of sensitive personal or financial data, they operate under regulatory frameworks that impose mandatory breach notification and fines, and their operational downtime carries significant financial consequences. Each of these factors drives up expected loss costs, which drives up premiums.

Healthcare is a particularly instructive case. A breach at a medical practice doesn't just generate IT remediation costs — it triggers HIPAA notification requirements, potential OCR investigations, and regulatory fines that can reach into the millions. Cyber insurance for healthcare practices addresses these layered exposures, but the regulatory dimension is exactly why healthcare premiums have risen faster than most other sectors. Insurers aren't just pricing the breach cost — they're pricing the regulatory tail that follows it.

What Businesses Can Actually Do About It

The good news — and there is genuine good news here — is that the cyber insurance market has become more rational, not less. The blunt premium increases of 2021 and 2022 were, in part, a market-wide course correction from years of under-pricing. As underwriting has become more granular and security controls more verifiable, the connection between a business's actual security posture and its premium has tightened. That means businesses with good practices are being differentiated from those with weak ones, rather than everyone paying the same inflated rate.

The controls that move the needle most are well-documented at this point. Multi-factor authentication for all remote access and privileged accounts is the single most consistently weighted factor across underwriters. Offline or immutable backups — backups that ransomware cannot encrypt — directly reduce the maximum severity of a ransomware claim and are reflected in pricing. Endpoint detection and response tools, email filtering, and documented employee security training round out what most underwriters consider baseline expectations for a well-managed risk.

“The cyber insurance market is going through the same maturation process that workers' compensation went through decades ago — painful repricing, tighter underwriting, and ultimately a market that works better because loss data finally caught up with the actual risk.”

— Robert Hartwig, Clinical Associate Professor of Finance and Director, Center for Risk and Uncertainty Management, University of South Carolina

Beyond technical controls, having a documented incident response plan has a measurable effect on premium. How a cyber incident response plan affects your insurance premium explains the mechanics in detail, but the core logic is simple: insurers know that businesses with documented response procedures contain breaches faster, reducing both remediation costs and regulatory exposure. Faster containment means smaller claims, which means better pricing.

It's also worth understanding that factors beyond your security posture can affect renewal pricing — market conditions, carrier appetite shifts, and reinsurance dynamics all play a role. Factors that can unexpectedly spike your renewal premium covers the broader landscape of what drives renewal increases across insurance lines.

Benchmark Before You Renew

Ask your broker to provide a market benchmark showing how your premium compares to similar businesses in your industry and revenue range. Significant deviation from benchmark — in either direction — warrants explanation. If you're paying well above benchmark without a clear reason tied to your specific risk profile or claims history, you may have room to negotiate or shop the coverage.

Document Controls Before Application Submission

Don't wait for the underwriting questionnaire to think about your security controls — document them proactively before renewal season. Written evidence of MFA deployment, backup testing logs, and completed employee training records gives your broker concrete material to present to underwriters. Applications supported by documentation consistently receive better pricing than identical answers without supporting evidence.

Where the Market Stands Now and What to Expect

The cyber insurance market entered a period of relative stabilization in late 2023 and into 2024. Rate increases slowed dramatically for businesses with strong security profiles, and some well-qualified risks actually saw modest decreases at renewal. Capacity returned to the market as new carriers entered and existing carriers grew more comfortable with their underwriting frameworks. This is a meaningful improvement from the peak hardening years, but it comes with an important caveat: the baseline is now much higher than it was in 2019 or 2020.

Businesses that delayed purchasing cyber coverage during the hardest years because of sticker shock are now entering a more accessible market — but premiums remain several multiples of what they were five years ago. The market has not reset to pre-2020 pricing and is unlikely to. The loss experience is baked into the actuarial expectations for the line, and the systemic risk of correlated cyberattacks hasn't diminished — if anything, AI-assisted attack tools and increasingly sophisticated threat actors suggest the underlying risk environment continues to evolve.

Business professional reviewing cybersecurity metrics showing premium rate stabilization trend on computer monitors in modern office
Rate increases have slowed in 2023–2024, but premiums remain significantly higher than pre-pandemic baselines.

The most actionable framing for a business owner is this: treat cyber insurance premiums the way you treat any other operating cost tied to risk management. Invest in the controls that reduce your exposure and your premium simultaneously. Work with a broker who specializes in commercial lines and can articulate your security posture to underwriters in terms that matter. And don't assume your current coverage adequately reflects your current exposure — business operations change, data volumes grow, and policy terms that were sufficient two years ago may have gaps today.

For a sense of how underwriters will evaluate your specific situation at your next renewal, understanding how underwriters assess cyber risk is the most direct preparation you can do before your application goes in.

Frequently Asked Questions

Marcus Bellingham

Author

Marcus Bellingham

B.B.A. in Finance, University of Texas at Austin, Chartered Property Casualty Underwriter (CPCU)

Marcus Bellingham is a commercial insurance specialist with background in underwriting small-to-mid-size business policies including commercial auto, cyber liability, and specialty lines. He writes to help business owners understand the gaps between personal coverage and the commercial protection their operations actually require. His focus is on practical risk awareness without unnecessary complexity.

commercial autocyber liabilitysmall business insurancecommercial underwriting
View all articles by Marcus Bellingham →

All claims in this article are backed by peer-reviewed research. We follow strict editorial guidelines to ensure accuracy and reliability. Sources available on request from our editorial team.

Disclaimer: The content on Insure Ninja is for informational purposes only and is not a substitute for professional advice. Always consult a qualified professional for guidance specific to your situation.

Related articles