Cyber REDY® Index July 2023

The REDY Index leverages CRC Group’s collection of actionable data – the wholesale industry’s largest. It provides critical pricing analysis monthly, giving you a snapshot of the marketplace. The REDY Index generates instant intelligence on pricing trends by industry or coverage, enabling our retail partners to set accurate data-driven expectations with their clients. Removing the guesswork empowers CRC team members to negotiate competitively, consistently producing better outcomes, better deliverables, and better results.



CYBER REDY INDEX July 2023 MONTHLY RENEWAL PRICING ANALYSIS Average YOY Renewal Change Accounts Decreasing Accounts Flat Accounts Increasing

Results displayed above reflect average CRC Group Cyber renewal pricing changes by month (over the previous 12 months). Results are limited to brokerage accounts that renewed in the same month as the prior year with the same total account limits. To remove outliers, the top and bottom 1% of accounts by YoY % change have been removed, as well as the top and bottom 1% of accounts by rate online (Premium/Limit*100). The REDY Index is intended for educational purposes only as individual accounts typically differ from average pricing trends.


  1. Most underwriters are requiring a completed ransomware application, multi-factor authentication, and fully implemented cybersecurity measures before binding new and renewal accounts. However, this is trending toward a loosening of stringent control requirements for smaller risks.
  2. Acceptable cybersecurity measures include a segregated backup solution, next-generation anti-virus protection with EDR, email filtering solution, MFA for privileged users, email, remote network access, and proper phishing training for all employees.
  3. Very recent industry reporting has sent strong warning signals that the lull in ransomware and BEC attacks experienced in 2022 is over and attacks are once again surging. The recent softening may snap back, particularly for those risks who have not implemented robust controls.
  4. Difficult cyber classes include manufacturing and architects/ engineering firms, healthcare, real estate, collection agents, title/ escrow, municipalities, schools, managed service providers, utilities, law firms, technology, including game developers/distributors, and any risk with a high number of PII or PHI records.
  5. Watch out for ransomware (extortion) sublimits including co-insurance, social engineering callback requirements, cybercrime that excludes third-party funds (escrowed), short periods of restoration, or indemnity from business income and/or reputational harm-related losses, and Widespread Event sublimits. Also keep an eye on Cyber War, BIPA, Biometric, Online Tracking & Wrongful Collection exclusions.