CYBER

Pricing stabilizing, innovation accelerating

The cyber insurance market is showing signs of recalibration, although pricing remains friendly to buyers. In the fourth quarter of 2025, median pricing for cyber insurance fell 1.9%, according to Lockton data. (See Figure 19.)

Cyber pricing has declined for three consecutive years, and the sustained softening is beginning to pressure carriers. While insurers have largely focused on retaining business, they are now increasingly differentiating accounts based on privacy exposures and the strength of cybersecurity controls. As a result, rate increases are expected for select buyers, including those experiencing rapid growth or with poor loss histories or inadequate cyber controls.

Carriers are consolidating, making strategic moves to better position themselves to innovate and develop new products in an increasingly sophisticated cyber risk landscape. Still, capacity has not declined, and many new markets are looking to deploy capital and grow. New business goals and new entrants will continue to drive a competitive environment, but insurers are being more disciplined as premiums have reached minimum levels.

Underwriters are moving away from merely checking the box on controls to a focus on exposures as they grow concerned about the claims environment. For example, ransomware attacks involving encryption alone are becoming rare, while a majority of attacks in 2025 involved extortion and data theft, according to Resilience, a cyber MGA. While organizations’ backups have become stronger, the potential for data releases — and subsequent litigation, regulatory action, and reputational harm — is growing. Remote access also continues to offer a main point of entry for ransomware attackers, and on-premises virtual private networks can enable them to exploit vulnerabilities.

CrowdStrike’s recently published 2026 Global Threat Report highlights how attacks are accelerating, AI is amplifying cybercriminals’ tactics, and ransomware is being delivered through trusted systems. For example:

  • Attacks by AI-enabled adversaries increased in frequency by 89% from 2024 to 2025.
  • The average e-crime breakout time — the window between initial access and lateral movement across systems — fell to just 29 minutes in 2025, with the fastest observed intrusion completing in only 27 seconds.
  • CrowdStrike observed adversaries exploiting generative AI tools at more than 90 organizations, injecting malicious prompts to steal credentials and cryptocurrency, while other threat actors targeted vulnerabilities in AI development platforms to deploy ransomware.
  • Critically, 82% of CrowdStrike’s detections in 2025 were malware-free, as threat actors leveraged valid credentials, trusted identity flows, and approved software as a service (SaaS) integrations to move across domains undetected — making traditional perimeter-based defenses increasingly insufficient.
  • Cloud-conscious intrusions rose 37%, including a 266% increase from state-nexus actors, while a 42% year-over-year surge in zero-day exploits — many targeting edge devices like VPN appliances and firewalls with limited monitoring — further expanded organizations’ attack surfaces.

These trends collectively underscore why cyber insurance demand continues to intensify, as the frequency, severity, and unpredictability of losses grow more difficult for organizations to absorb on their own.

Meanwhile, with privacy risks remaining top of mind, insurers are taking a look at opt-in and opt-out policies and cookie banners that appear upon initial access to websites. Insurers are also increasingly reviewing contracts between insureds and third-party vendors to ensure reasonable measures are being taken to secure collected and stored data.

Wrongful collection remains a material loss driver on which insurers’ positions are mixed. Some carriers are applying greater scrutiny to coverage grants, while others are using underwriting in combination with external scans and other tools to deploy coverage. Wrongful collection claims frequency continues to rise, tied to companies’ use of pixels and other tracking technologies along with privacy disclosures. Claims brought under the California Invasion of Privacy Act remain at the forefront for insurers.

As more companies adopt various AI tools, underwriters are scrutinizing board and senior management oversight of AI governance. Insurers are not only asking questions about documented policies regarding AI usage but also innovating around AI and clarifying policy language. Insurers, for example, are introducing affirmative AI endorsements for cyber events and technology services and offering regulatory cover for inquiries and investigations into violations of AI-related statutes. This is occurring as carriers face AI-related claims activity and contributory exposure to media and privacy claims.

Embedded security services are also on the rise. Insurers are increasingly integrating insurance products with cybersecurity controls such as vulnerability scanning, automated risk alerts, security awareness training, and security posture dashboards.

Recommendations

  • Focus on cybersecurity and hygiene. Underwriting standards continue to evolve, and so do cyber threats. The market continues to reward buyers with strong controls and demonstrated improvements in information security.
  • Understand how organizations are using AI technology. Among other steps:
    • Use network traffic analysis, SaaS discovery tools, and endpoint monitoring to identify AI tools in use across enterprises. This includes both IT-approved tools and unauthorized “shadow AI” platforms.
    • Determine how employees are using AI in their daily workflows, what data they are inputting, and what tools they rely on.
    • Establish formal acceptable use policies that define approved tools, permitted data types, and tiered approval processes for new tools.
    • Document governance frameworks — including audit results, policies, training records, and vendor diligence — as this is increasingly a material factor in cyber insurance underwriting and the determination of coverage terms and renewal pricing.

**Note: Rate ranges presented here reflect expected renewal outcomes — as of the Lockton Market Update publication date — over the next quarter for most insurance buyers. These should not be taken as a guarantee of any specific results during renewal negotiations. Depending on risk profiles, loss histories, account specifics, and other factors, individual buyers may renew their programs outside these ranges.

© 2026 Lockton Companies. All rights reserved.