Competition continues to fuel buyer-friendly cyber market
Conditions in the cyber insurance market remain largely favorable to insurance buyers. In the third quarter, median total program rates for cyber insurance fell 2.5%, according to Lockton data. (See Figure 18.)
Growth prospects for cyber insurers remain constrained, as the pool of net new buyers has largely plateaued. With stable coverage and increasingly attractive pricing, most insureds are sticking with incumbent carriers, leaving limited opportunities for true new business. At the same time, several markets that previously concentrated on excess layers are now pivoting to primary layers, where they can exert greater influence over pricing, underwriting controls, and security posture. Combined with carriers’ desire to protect existing portfolios, this shift is amplifying competition.
The result is a buyer-friendly environment: Pricing is flat to modestly down, even for organizations with less-than-ideal risk profiles, and insureds are able to negotiate improvements to policy language. Coverage breadth remains strong, and carriers are willing to differentiate for well-managed risks.
Still, underwriters are acutely focused on several emerging issues shaping the risk environment, product design, and portfolio strategy. Key trends insurers are watching include:
+
Systemic risk and aggregation exposure.
Cloud outages, software and supply chain dependencies, and concentration in key service providers could generate correlated losses. In response, insurers are reassessing catastrophe modeling, sublimits, and portfolio concentration.
+
AI-driven litigation and regulatory risk.
The rapid adoption of AI is introducing new, often “silent,” exposures, including privacy, copyright, discrimination, and operational risks. Insurers and policyholders are navigating a complex regulatory environment in the U.S. and abroad, trying to anticipate loss scenarios that lack historical precedent.
+
Rising non-data breach privacy litigation.
Lawsuits arising from new privacy laws are being filed more frequently. The plaintiffs’ bar is also employing creative legal strategies to repurpose older statutes to modern technologies and expand the scope of privacy claims. Defense costs and claim frequency are on the rise.
+
Business interruption disputes.
As cyber events increasingly disrupt operations rather than compromise data, disagreements over insured versus uninsured downtime are becoming flashpoints.
+
Product development and coverage ambiguity.
Traditional cyber wordings are being tested by new technologies and loss patterns. Carriers are racing to update forms and introduce more tailored endorsements.
The regulatory environment is also shifting. The Trump administration has pulled back from several initiatives led by the Cybersecurity and Infrastructure Security Agency while promoting new policies regarding AI. States, meanwhile, are filling the vacuum through their own AI, data security, and privacy regulations, creating a patchwork that complicates compliance and underwriting.
Parametric cyber coverage is gaining traction as a tool for managing business interruption and liquidity risk. These structures offer immediate payouts when pre-agreed triggers are met, avoiding protracted adjustment periods and providing organizations with immediate liquidity following disruptive events. Parametric solutions can complement traditional cyber insurance and play a strategic role in broader cyber risk capital management. Success hinges on accurate quantification of exposure to determine the appropriate limits, triggers, and cost-benefit trade-offs relative to conventional coverage or retained risk.
Recommendations
- Work with brokers to consider using premium savings to increase limits, adding technology errors and omissions coverage to cyber policies, and employing parametric solutions.
- Take a proactive approach to cyber risk management, which can enable responsiveness during crisis situations. For example, work with your brokers and other advisors to complete tabletop exercises that simulate business interruption events. This can help organizations better quantify their cyber risk, including potential worst-case scenarios, and identify potential gaps in incident response plans.
1Note: Rate ranges presented here reflect expected renewal outcomes — as of the Lockton Market Update publication date — over the next quarter for most insurance buyers. These should not be taken as a guarantee of any specific results during renewal negotiations. Depending on risk profiles, loss histories, account specifics, and other factors, individual buyers may renew their programs outside these ranges.
3Expected ranges are for total programs.
