Staying ahead in today’s insurance marketplace requires sharp insights and the right tools. The 2026 State of the Markets at a Glance deliver insights into key industry trends, emerging risks, and actionable intelligence to help you navigate the marketplace with confidence. Whether you’re assessing market shifts, identifying new opportunities, or fine-tuning your strategy, our latest insights ensure you stay informed and prepared for what is ahead.
OVERALL MARKET PERFORMANCE + OUTLOOK
Over the past 12–18 months, the cyber insurance market has continued its transition into a buyer-friendly phase. Increased insurer capacity and improved cybersecurity controls among insureds have created a competitive environment, resulting in declining pricing for many risks. Global cyber insurance pricing fell approximately 7% in Q4 2025, and many insureds are now able to secure higher limits and broader coverage terms than were available during the hard market period of 2020–2022.
Despite softer pricing, the market remains profitable even as claim frequency rises. U.S. cyber insurance reported claims increased nearly 40% to roughly 50,000 claims. This dynamic reflects a market experiencing higher frequency but maintaining profitability through improved underwriting standards, tighter security requirements, and more effective risk selection.
Looking ahead, the cyber insurance market remains soft, and it is a great time to be a buyer. Continued favorable conditions are supported by strong insurer capital positions, increased reinsurance participation, improved cybersecurity maturity among insureds, and moderating ransomware payment activity. However, the market remains highly sensitive to systemic cyber risk and accumulation exposure along with a developing tail exposure not consistent with the first couple of decades of the cyber insurance market.
Events that could trigger a return to hard market conditions include a large-scale cloud service provider outage, a critical infrastructure ransomware event, a major supply-chain cyber catastrophe, or widespread AI-enabled financial fraud. Absent a significant systemic loss event, the cyber insurance market is expected to remain relatively soft through 2026, with some pockets of exceptions.
RANSOMWARE TRENDS
Ransomware remains the primary severity driver within the cyber insurance market and continues to play a central role in the broader threat landscape. Recent data shows ransomware present in approximately 44% of reported breaches, a notable increase from prior years that reinforces its continued dominance as a loss catalyst.
Despite elevated attack frequency, total ransomware payments declined modestly year-over-year, falling from $892M in 2024 to $820M in 2025. This roughly 8% decrease likely reflects improved incident response capabilities, greater law enforcement disruption, more disciplined negotiation strategies, and stronger corporate resilience overall.
However, while aggregate payments have decreased, severity within individual events has intensified. Although fewer organizations are paying ransom demands, the payments that do occur have been significantly larger. Insurance claims data underscores this shift. The average ransom demand is approximately $1.1M, with the largest ransom paid reaching roughly $75M and the largest demand recorded at approximately $150M. Negotiation efforts remain a critical mitigation tool, frequently reducing ransom payments by about 60% from initial demands.
BUSINESS INTERRUPTION CLAIMS
Business interruption remains the single largest driver of claim severity when no liability component is present. Cyber events that disrupt operations are materially more expensive than incidents involving only data exposure, privacy concerns, or funds transfer fraud.
Over a five-year period, on average, claims involving business interruption are more than 650% as costly than nonbusiness interruption claims. This gap underscores how quickly costs escalate when revenue generation halts and recovery timelines extend. And this issue compounds, as one of the largest friction points in the cyber industry is the time to calculate and pay business interruption claims, often taking more than a year to evaluate and settle.
Severity is also increasing within the small and mid-sized enterprise segment. The average business interruption loss was approximately $611K in 2024, rising to more than $1M in 2025. This sharp increase reflects longer downtime, increased system complexity, and growing reliance on digital infrastructure across all industries.
Notably, ransomware remains the primary driver of operational disruption, accounting for approximately 81% of business interruption claims. As a result, business interruption exposure remains a central underwriting focus in 2026, particularly in ransomware-driven scenarios.
SUPPLY CHAIN + VENDOR RISK
Supply chain and vendor exposure has become one of the most significant underwriting considerations in the cyber insurance market. Modern organizations are deeply dependent on cloud providers, SaaS platforms, and managed service providers to support core operations. As a result, a single cyber incident impacting a technology vendor can simultaneously disrupt thousands of downstream organizations.
Recent research indicates that third-party involvement in breaches has doubled, increasing from approximately 15% in earlier periods to roughly 30% more recently. This shift highlights the growing interconnectedness of digital ecosystems and the expanding attack surface created by vendor reliance.
Claims data further underscores the severity potential of supply chain events. Ransom payments associated with vendor-driven incidents have ranged from $2M to $25M, with total incident costs spanning approximately $355K to $25M depending on the scale and duration of disruption.
Large technology outages and systemic cyber events now represent one of the most material accumulation risks facing cyber insurers. As dependency on shared infrastructure continues to grow, understanding vendor controls, concentration risk, and systemic exposure remains critical in 2026.
DATA PRIVACY + REGULATORY RISK
Cyber insurance losses are increasingly shaped by expanding privacy enforcement and regulatory scrutiny. While ransomware and funds transfer fraud remain more frequent causes of loss, regulatory-driven events are becoming more consequential from a severity standpoint.
Regulators are broadening enforcement beyond traditional breach notification failures to address evolving data practices, including biometric data collection, facial recognition technology, behavioral tracking, and AI-driven profiling. As organizations deploy more advanced data analytics and artificial intelligence tools, compliance expectations are rising in parallel.
Although privacy and regulatory events occur less frequently than ransomware or phishing incidents, they have the potential to generate outsized losses. Regulatory investigations, statutory penalties, and class-action litigation can significantly amplify total claim costs, particularly when enforcement actions coincide with alleged consumer harm.
As regulatory frameworks continue to mature at both the state and federal levels, privacy exposure remains a growing underwriting consideration in 2026, particularly for organizations leveraging advanced data collection and AI-enabled technologies.
SOCIAL ENGINEERING + PHISHING
Social engineering remains the most frequent source of cyber insurance claims, with phishing and business email compromise (BEC) attacks continuing to target financial transactions and internal payment processes. Threat actors increasingly rely on impersonation, invoice manipulation, and email account compromise to redirect funds or exploit human error within organizations.
Recent complaint data reflects the scale of the issue, with 193,407 phishing complaints and 21,442 BEC complaints reported. BEC-related losses alone totaled approximately $2.77B, underscoring the continued financial impact of these schemes.
Insurance claims data shows the average BEC incident cost is approximately $75K, making these events less severe than ransomware-driven losses but far more frequent. Approximately 29% of BEC incidents ultimately result in confirmed funds transfer fraud, where money is successfully diverted.
Importantly, speed of response plays a critical role in mitigating loss. Prompt notification to financial institutions and law enforcement, together with swift banking action, substantially enhances the probability of recovering funds lost through fraudulent wire transfers. As a result, employee training, payment verification controls, and incident response readiness remain essential risk management priorities in 2026.
ROLE OF ARTIFICIAL INTELLIGENCE
Artificial intelligence is playing an increasingly influential role in the evolution of cyber risk. Threat actors are leveraging AI tools to generate highly realistic phishing emails, automate reconnaissance and vulnerability discovery, produce voice-cloning attacks used in executive impersonation fraud, and scale social engineering campaigns across multiple languages. These capabilities are lowering barriers to entry and enabling attackers to operate with greater speed, precision, and efficiency.
Rather than fundamentally increasing the severity of individual incidents, AI is amplifying the speed, scale, and frequency of attacks. It allows threat actors to target more organizations simultaneously, personalize outreach more convincingly, and adapt tactics more quickly.
At the same time, AI is strengthening defensive capabilities. Insurers and cybersecurity providers are deploying AI-driven tools to enhance threat detection, streamline incident response, and refine underwriting analytics. As both offensive and defensive uses of AI continue to advance, the technology will remain a central factor shaping cyber exposure and risk management strategies in 2026.
Interested in others?