Around 2020, ransomware attacks surged, changing the cyber insurance world in big ways. What used to be cheap and optional coverage quickly became a must-have for companies of all sizes. Matthew Danielak, head of broking at Willis Towers Watson’s FINEX Cyber division, explained that before ransomware became widespread, cyber insurance was almost an afterthought. Insurers had little data to set prices or understand risks because major breaches were rare and seen as isolated events.
But as cyberattacks started hitting more organizations, the market matured fast. Now, if a business uses computers, it needs cyber insurance. This shift brought cyber insurance decisions into the boardroom. Company leaders who once ignored cyber coverage are asking tough questions about how much protection their business has and how much it costs. Cyber insurance costs have climbed, and companies are spending more to guard themselves.
This shift has also attracted many new insurance providers. Traditional insurers and specialized managing general agents (MGAs) are racing to offer policies, especially to small and mid-size businesses. Danielak pointed out that the cyber risk landscape changes so quickly that insurers struggle to keep up with what risks are relevant at any given moment.
Buyers of cyber insurance are also changing. Instead of just looking for the cheapest policy or highest limit, they want real insight into their risks. Brokers are now helping clients understand what they face and how much risk they carry. This also comes from pressure from partners and vendors who handle sensitive data. As a result, companies are asking for higher coverage limits, even if they can only increase them step-by-step.
New challenges are also emerging. Insurance companies are split on how to cover risks from AI-driven attacks or deepfake scams. Some are adding specific coverages, while others are cautious, sticking to their existing policies. Danielak noted that insurers want to fully understand the risks before jumping in, because rushing to cover something new might lead to problems down the line.
Another growing issue is that cyber incidents are blurring into areas covered by other types of insurance. For example, a cyberattack might cause physical damage or business interruption that affects property or casualty policies. To address gaps, insurers are drawing clearer lines about what cyber policies cover and excluding these other risks from them. This has led cyber insurers to ask for more details about a company’s physical assets and operations to make sure everything is properly evaluated.
Looking ahead, Danielak sees a future where insurers, brokers, and clients work together across different insurance areas. The goal is to avoid gaps and confusion, making sure every risk is covered without overlap.
In short, ransomware shook up how cyber insurance is seen and handled. What was once a side expense is now a boardroom priority with growing costs, evolving risks, and changing demands from buyers and insurers alike. The market is still adjusting, but everyone agrees that cyber protection is no longer optional—it’s essential.