Buyer-Friendly Cyber and E&O Market: How to Take Advantage
A buyer-friendly Cyber and E&O market is quickly emerging. Learn more about the changing global market and how to capitalize on it.
Substantial new capacity and improved insurer loss performance have led to decreasing rates in Cyber and E&O in early 2023.
Premium rates are expected to continue softening, with global economic, geopolitical or systemic cyber events potentially impacting the market.
Underwriting remains rigorous. Buyers should start their renewal placement process early to build a strong risk narrative to share with underwriters.
After experiencing rate increases over 100 percent in late 2021 and early 2022, the global cyber and
errors & omissions (E&O) market has undergone a distinct and dramatic pendulum swing,
shifting toward a buyer-friendly market in early 2023.
There are a variety of market factors contributing to the new rate environment, including:
New and returning markets have brought new capital and competition, leading to further rate
A decline in loss frequency and severity as businesses continue to help strengthen their
security risk controls and enhance their risk profiles
A redirect to more sustainable pricing levels after a potential overcompensation for ransomware
losses in 2021-2022
However, underwriters — who now operate at a more in-depth, technology-driven and sophisticated
level — are maintaining rigor as they closely monitor global events that may impact cyber
claims. Economic changes, a shift in the geopolitical environment and widespread systemic cyber
events could all adversely impact continued rate reductions.
These three areas are expected to shape the market through the balance of 2023:
Substantial new capacity will help soften the market. Aon expects that premium
rates in 2023 will be more competitive than for the prior 24 months, driven by improved loss
ratios and an influx of new capital that has created a higher global premium pool, especially in
the excess markets.
War exclusions, infrastructure exclusions, and “widespread events”
remain in the terms and conditions spotlight. Updated war exclusions have been
introduced and are inconsistent across the global cyber insurance marketplace. Infrastructure
exclusion updates, specifically for the digital environment, merit thoughtful analysis and
dialogue among brokers and insureds. Limiting coverage for widespread events or widespread
outages is an effort to solidify the future of cyber insurance, but it risks deteriorating the
value proposition of cyber insurance for businesses that see benefit to outsourcing technology
and security to third party providers.
The underwriting process is rigorous, but it’s also more comfortable for
businesses, if they are well-positioned to share their security narrative. Assembling the right
team and investing the right resources across the organization can help achieve improved
coverage results at renewal.
Buyers can take advantage of market improvements by starting their renewal placement process early
and continue to build relationships with insurers. Businesses have become more prepared,
collaborating internally to provide strong strategies around contractual risk management,
information security, privacy and operational continuity. An early start can give the risk manager
more control and address potential bumps in the road.
“Where businesses were constrained by availability in 2021 and into 2022 it is now vastly
different,” says David Molony, Head of Aon’s Cyber Solutions for EMEA. “Instead,
buyers should now be looking at mitigating their exposure — taking advantage of the market at
the expense of sacrificing coverage to help save short-term premium dollars.”
While the E&O and Cyber market has many similarities between regions, it’s important to
acknowledge existing differences. We explore market conditions across the globe — including
capacity, loss trends, pricing and coverage.
Capacity developed throughout 2022, introducing additional options and a more
marketplace — which many insureds used to their benefit.
Capacity continues to grow in Q1 2023, with growing availability to insureds
insurers and increased carrier limits. Many insurers offering cyber insurance
growth goals for the product. These two factors, along with improved risk
insured security environments, create a powerful competitive landscape.
Severe pricing adjustments experienced in 2021 and 2022 are still top of mind.
The hard market
was the result of poor loss experience throughout 2018, 2019 and 2020.
Loss frequency continues to decline from its peak in 2021 but remains higher
than 2019. However,
ransomware frequency increased sharply, up 49 percent in Q1 2023.
Improved frequency, along with an unprecedented rate environment in 2022, fuel
market growth in
what will likely be a profitable product segment over the next few years.
Rate increases decelerated throughout 2022, beginning in the fourth quarter of
the fiscal year.
Aon anticipates rate decreases throughout 2023.
Aon’s pricing data examines the year-over-year price change on a monthly
basis. This analysis highlights important trends, adding context that some
industry sectors and
client segments are experiencing far greater pricing disruption.
Discuss changing war exclusions with your broker to understand implications on
market impact and
Buyers should not overlook other critical coverage components:
Privacy concerns, including data breaches and broader collection and use
Biometric information. Clients should review any proposed exclusions
biometrics closely with their broker to understand the scope of coverage
Pixel tracking and Video Privacy Protection Act (VPPA) exposures are
being reviewed by insurers, specifically the underlying exposure and in
introducing exclusions. If this exposure is relevant, be wary of
Understanding insurer, vendor and law firm requirements is critical to help
align with a
business’s preferred incident response and litigation approach. Push for
higher rate caps
with pre-approved non-vendor resources to help offset any cost increases.
Capacity continues to grow with local and global markets seeing the APAC region
as a growth
target. Most local markets are increasing average line sizes back to the
historical max line
size of $10 million. In certain circumstances, some markets now offer limits
Capacity deployment is still managed carefully, with a focus on cautious growth.
some insurers are performing better with coverage and pricing when deploying $5
million or less,
even if they can deploy more.
Overall incident frequency declined in 2022, with cyber events falling by 14
percent compared to
Ransomware exposures remain a primary underwriting topic with regional markets,
even with event
frequency declining by more than 40 percent in 2022 (year-over-year). The threat
however, as frequency has risen in other global regions in Q1 2023. Strong cyber
should continue to be stressed.
2022 was characterized by several large and high-profile data breaches across
the region. The
frequency of data breaches declined by only 6 percent. The profile and frequency
of these events
will continue to shape underwriting behaviors and regulatory agendas across the
The most frequently impacted industries in APAC include Public Sector,
Technology, Media and
Telecommunications, Financial Services, Retail and Manufacturing. Manufacturing
becoming more prominent across the region. Operational Technology remains a key
risk concern for
regional markets as well. Further, geopolitical tensions in the region have
importance of supply chain risk, particularly for strategically important
Loss trends have likely improved due to the portfolio management by insurers
over the last 24
months, leading to a positive outlook. However, it will take time for the major
incidents over the last six months to be fully realized by the market, which may
to loss ratios.
Rate increases steadily declined in the second half of 2022, with greater
near year-end. This rounds off average rate increases of more than 50 percent
over the previous
On renewals, we are seeing incremental rate movement on primary layers (both
decreases) and more consistent rate reduction (5-15 percent) on excess layers.
include programs that are exceptionally underpriced and in need of further
correction, or when
carriers have insured a program opportunistically at inflated rates, and more
reductions are achievable.
Rate movement is contingent on, among other factors, a demonstration of a
detailed focus on
security and the extent of previous corrections to pricing.
Coverage has mostly stabilized, with improvements anticipated for businesses
with a detailed
focus on security. Restrictions will be eased where key controls can be
Insureds with excellent security can expect to see improvement in coverage,
however, there is
minimal coverage innovation. Instead, we are seeing a trend back to broader
prior to 2020.
War exclusions have been updated, primarily in line with Lloyd’s guidance,
but there is a
need for more consistent language across insurers, particularly on layered
Other coverage restrictions related to systemic risk events, unpatched
unsupported systems can generally be avoided, particularly where insureds can
productively with underwriters and risk engineers to identify controls in place
and plans for
Capacity has remained stable with current carriers managing exposures. However,
we expect a
broader appetite in the next few months, with carriers confirming that they want
to expand their
current footprint in LATAM.
We also expect a few carriers to move from reinsurance to direct business. Given
limits purchased by clients in LATAM versus other geographies, this is good news
translate into greater capacity for direct clients.
Major cyber attacks have occurred recently across LATAM, primarily ransomware.
industries include retailers, financial institutions, utilities and healthcare.
adjustments made by underwriters, most of the losses have been absorbed by
directly by clients that did not purchase cyber insurance coverages.
Rates per million (RPMs) have remained stable. Premium increases have been
linked to inflation,
in contrast to the previous three years when we saw a very aggressive
re-underwriting of all the
Underwriters are requesting more detailed information and concentrating on
cyber extortion sublimits and coinsurance.
Despite being introduced in 2022, systemic risk exposure and sublimits are still
conversation with carriers. However, it seems like this approach is limited to a
There has not been significant coverage enhancement in the last few months
carriers that have revamped their wording — looking for more clarity,
Businesses must build the appropriate team across key internal stakeholder groups, preparing an
informative security narrative that gives underwriters knowledge of the efforts taken to build a
strong cyber security posture. By working with a broker who understands the market and the
businesses’ coverage needs, buyers can be well-positioned to achieve positive mitigation
U.S. Practice Leader, E&O/Cyber Broking, Aon
How to Help Optimize Market Outcomes in Three Steps
Don’t lose discipline. Underwriting requirements are still robust, with more sophisticated and
technology-driven carriers. It is critical, therefore, that risk buyers revisit their cyber strategy
amid the moderating market to help manage their exposure.
Risk managers should consider following these three focus areas to help enhance their cyber risk
Find Value Through Collaboration
Work with your information security colleagues, in-house counsel, brokers and other advisors to help
shape the prioritization of risks the company views as material and transferrable. Overlaying that
dialogue with financial impact analytics helps develop a framework that can prioritize the
objectives of your cyber insurance program. The softening market provides an opportunity to tailor
important policy wording, push sub-limits to full coverage limits and help eliminate coinsurance
Create Long-Term Program Goals
Cyber insurance is sustainable and will continue to bring value to insureds. While insurers’
proposed language changes can bring frustration to risk buyers, it’s important to think
holistically about your E&O and Cyber insurance program. Increasing competition provides an
opportunity for businesses to consider alternative coverage options. Before making a hasty decision,
evaluate the policy language changes and consider the potential downside of switching insurers.
Keep Your Eye on Emerging Trends
Key security controls that limit the probability of a ransomware event are an important part of the
dialogue and underwriting process. Always remain forward-looking. Privacy litigation is on the rise,
and severity exposure is often underestimated. The geopolitical landscape remains a concern for
businesses globally. Understanding emerging threats, what your company is doing to mitigate them,
and then articulating that information to underwriters can help improve the underwriting process.
The information contained herein and the statements expressed are of a general nature,
not intended to address the circumstances of any particular individual or entity and provided for
informational purposes only. The information does not replace the advice of legal counsel or a cyber
insurance professional and should not be relied upon for any such purpose. While care has been taken
in the production of this document, Aon does not warrant, represent or guarantee the accuracy,
adequacy, completeness or fitness for any purpose of the document or any part of it and can accept
no liability for any loss incurred in any way by any person who may rely on it. Any recipient shall
be responsible for the use to which it puts this document. This document has been compiled using
information available to us up to its date of publication and is subject to any qualifications made
in the document.
General Disclaimer The information contained herein and the statements expressed are of a general nature and are not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information and use sources we consider reliable, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation.