Cyber REDY® Index October 2022

The REDY Index leverages CRC Group’s collection of actionable data – the wholesale industry’s largest. It provides critical pricing analysis monthly, giving you a snapshot of the marketplace. The REDY Index generates instant intelligence on pricing trends by industry or coverage, enabling our retail partners to set accurate data-driven expectations with their clients. Removing the guesswork empowers CRC team members to negotiate competitively, consistently producing better outcomes, better deliverables, and better results.


CYBER REDY® INDEX - October 2022

Results displayed above reflect average CRC Group Cyber renewal pricing changes by month (over the previous 12 months). Results are limited to brokerage accounts that renewed in the same month as the prior year with the same total account limits. To remove outliers, the top and bottom 1% of accounts by YoY % change have been removed, as well as the top and bottom 1% of accounts by rate online (Premium/Limit*100). The REDY Index is intended for educational purposes only as individual accounts typically differ from average pricing trends.


Percentage of Cyber Accounts with Greater than 50% Pricing Increase

Of the 57% of accounts in Q3 2022 with a pricing increase greater than 20%, 23% of the accounts had an increase of 50% or more. 3% of Cyber accounts in August and September had increases greater than 100%.


  • Most underwriters are requiring a completed ransomware application, multi-factor authentication, and fully implemented cybersecurity measures before binding new and renewal accounts.

    Acceptable cybersecurity measures include a backup solution (disconnected or segregated from your network), next-generation anti-virus protection with endpoint detection & response, email filtering solutions, multi-factor authentication for privileged users, email, remote network access, and proper phishing training for all employees.
  • Difficult cyber classes include healthcare, real estate, collection agents, title/escrow, municipalities, schools, managed service providers, utilities, law firms, technology, including game developers/distributors, and any risk with a high number of PII or PHI records.
  • Watch out for ransomware (extortion) sublimits including co-insurance, social engineering callback requirements, cybercrime that excludes third-party funds (escrowed), short periods of restoration, or indemnity from business income and/ or reputational harm related losses.