Cyber REDY® Index January 2023

The REDY® Index leverages CRC Group’s collection of actionable data – the wholesale industry’s largest. It provides critical pricing analysis monthly, giving you a snapshot of the marketplace. The REDY Index generates instant intelligence on pricing trends by industry or coverage, enabling our retail partners to set accurate data-driven expectations with their clients. Removing the guesswork empowers CRC team members to negotiate competitively, consistently producing better outcomes, better deliverables, and better results.


CYBER REDY® INDEX - January 2023

68.0% 70.7% 54.9% 66.1%   49.8% 58.1% 46.5%  40.4% 28.3% 26.0% 27.2% 23.2% 18.7%                 72% 80% 71% 83% 83% 6% 83% 80% 4% 68%   13% 3% 13% Dec '21 2% 5% 13% Jan '22 12% 6% 11% Feb '22 8% 2% 7% Mar '22 2% 10% Apr '22 2% 5% 10% May '22 5% 11% Jun '22 16% Jul '22 19% Aug '22 22% Sep '22 Oct '22 Nov '22 20%+ Dec '22

Results displayed above reflect average CRC Group Cyber renewal pricing changes by month (over the previous 12 months). Results are limited to brokerage accounts that renewed in the same month as the prior year with the same total account limits. To remove outliers, the top and bottom 1% of accounts by YoY % change have been removed, as well as the top and bottom 1% of accounts by rate online (Premium/Limit*100). The REDY Index is intended for educational purposes only as individual accounts typically differ from average pricing trends.


Percentage of Cyber Accounts with Greater than 50% pricing Increase

19% SEPTEMBER 2022 vs. 33% SEPTEMBER 2021 19% OCTOBER 2022 vs. 41% OCTOBER 2021 19% NOVEMBER 2022 vs. 38% NOVEMBER 2021 13% DECEMBER 2022

Of the 45% of accounts in Q4 2022 with a pricing increase greater than 20%, 17% of the accounts had an increase of 50% or more. 4% of Cyber accounts in the 4th Quarter had increases greater than 100%.


  • Most underwriters are requiring a completed ransomware application, multi-factor authentication, and fully implemented cybersecurity measures before binding new and renewal accounts.

    Acceptable cybersecurity measures include a segregated backup solution, next-generation anti-virus protection with EDR, email filtering solution, MFA for privileged users, email, remote network access, and proper phishing training for all employees.

    Cyber insurers are noting a new trend in ransomware claims. Attacks are increasingly primarily involving the exfiltration of the insured’s data with a corresponding extortion demand. If not paid, the attacker indicates data will be made public or sold on the dark web.
  • Difficult cyber classes include healthcare, real estate, collection agents, title/escrow, municipalities, schools, managed service providers, utilities, law firms, technology, including game developers/distributors, and any risk with a high number of PII or PHI records.
  • Watch out for ransomware (extortion) sublimits including co-insurance, social engineering callback requirements, cybercrime that excludes third-party funds (escrowed), short periods of restoration, or indemnity from business income and/ or reputational harm-related losses. Ransomware sublimit endorsements vary greatly between insurers. Agents are advised to read them carefully.