2021 Cyber Outlook
2020 was yet another milestone year for ransomware, with threats impacting organizations of all sizes and industry classes. Inability to access systems, destruction of hardware, and lost revenues devastated these businesses. Cyber insurance played a vital role for many organizations with its incident response services and indemnity, giving policyholders relief in a time of turmoil.
2020 Facts & Figures
- Small to medium-sized businesses had an average claims cost of $175,000 per incident, with business interruption claims averaging $276,000.
- Ransomware attacks increased 40% in frequency with an estimated 199.7 million ransomware attacks reported through Q3 2020.
- 86% of breaches were financially motivated.
- Only 52% of executives feel their data breach response plan is effective.
The average ransomware demand increased from $84,116 in 2019 to $233,817 in Q2 2020. (Coveware, Quarterly Ransomware Report)
What to Watch for in 2021
Ransomware demands will continue to increase
The average ransomware demand increased from $84,116 in 2019 to $233,817 in Q2 2020, with the increase expected to be even higher at final reporting. Some demands were well within seven figures, with one reportedly at $12.5 million. As ransomware continues to evolve and proliferate, it often leaves companies with no choice but to succumb to the criminals. Demands keep increasing because criminals succeed in collecting these amounts, preying on companies with insufficient backups and redundancies.
Data theft will reemerge in concert with ransomware attacks
In a surprising twist, more and more ransomware cases include exfiltration of sensitive data. Coveware, a technology firm specializing in ransomware remediation, reported that 22% of attacks included data theft along with the malware. These attacks are often perpetrated by criminals who are interested in making money but also in shaming their victims. Sensitive information, including trade secrets and confidential corporate information, has grown in its attraction. As attacks become more sophisticated and more effective, a wider net will be cast for victims.
Regulatory scrutiny of ransom payments will become more aggressive
On October 1, 2020, the Office of Foreign Assets Control publicly warned companies that there will be more scrutiny around payments made to restricted countries. Privacy attorneys would attest that this has always been at the forefront of their minds. But as the ransomware strains become harder to trace, this challenge grows exponentially. State actors account for many of these incidents, and the utilization of cryptocurrency for payments can often shield companies from knowing where their money is being sent. The message has always been clear from law enforcement – don’t pay the ransom. 2021 will see this message punctuated more forcefully.
Cyber insurance premiums will rise by as little as 10% and as much as 30%
With cyberattacks come cyber insurance losses. Insurance carriers who enjoyed high book profitability and enormous levels of capacity from competition have seen an abrupt end to these conditions. Carriers are paying claims, and the costs of claims are rising – especially in the small to middle market space. Market entrants are dropping, and all carriers are looking at their books with an eye for correction of rates and appetite.
The cyber market will continue to evolve and compete
Competition between carriers remains fierce. Insurtech continues to drive business in predictable ways – enhancing underwriting processes and providing a more proactive approach to risk. All insurers are driving innovation through the services they provide to policyholders (often through third-party vendors) and by broadening policy form coverage language based on claims experience.
Underwriting scrutiny will become intense
Gone are the days of short form applications with no subjectivities. Carriers now require supplemental applications tailored toward ransomware controls. Email scanning, multi-factor authentication, and endpoint detection services are favorable controls and expected by most underwriters. Carriers ask more questions around business continuity and payment controls, with business interruption losses and social engineering claims gaining frequency. We will continue to see more of this shift in underwriting philosophies going forward.
Sublimits may be imposed for certain cyber liability coverages and capacity will tighten
The allure of many carriers to insureds was full policy limits for most coverages, providing a seamless and easy solution. Unfortunately, many carriers have begun talks of sublimiting ransomware and business interruption coverages for insureds who have inferior controls. Some may take this approach on their book as a whole, regardless of controls. Carriers may also take a closer look at total capacity on a risk. $10 million and $15 million aggregate limits were attainable for many insureds. In 2021, expect those limits to be few and far between.
Carriers will rewrite and refile their forms
Cyber liability’s evolution often lent itself to policy forms that were not filed with the Commissioner of Insurance in various states. The coverages moved faster than they could be written, and the flexibility of non-admitted forms was needed. A few years ago, this changed as coverages started to broaden enough to slow the rewrites down. With the filing of these policies, coverage and pricing become more standardized. Due to the claims environment, many carriers will be making major updates to rates and coverage requiring approval.
2021 requires a call to action from all executives, business owners, and professionals to make cybersecurity their highest priority. Companies can no longer afford to bury their heads in the sand because of complexity. Investment in security solutions, employee training, and a comprehensive cyber insurance policy are imperative to protect your business.
Sources
- NetDiligence Cyber Claims Study
- Data Breach Investigations Report, Verizon
- Experian Annual Preparedness Study