Soft Market Meets Rising Threats
Industry experts believe cyber market stability is at risk.
An insurance market in possession of good premium must be in want of softer market conditions.
This universal truth was demonstrated by the cyber market cycle during the COVID-19 pandemic, driven by rising remote work and increased use of virtual meeting software, along with the heightened dependence on third-party vendors those developments required. The unprecedented spike in the frequency and severity of ransomware attacks contributed further to the correction, also linked to the rush to adopt virtual tools.
A 2021 Howden analysis shows that the number of global ransomware attacks grew from approximately 160 million in 2019 to over 250 million in 2020, while average ransomware payments in the United States jumped by 300% in those years. Likewise, industry analyst AM Best found that the combined loss ratio for the U.S. cyber insurance industry rose from 44.6% in 2019 to 66.9% in 2020.
The cyber insurance market correction followed swiftly. Results from The Council of Insurance Agents & Brokers’ quarterly property and casualty market survey showed premium increases of 15% or more between Q1 2021 and Q4 2022, peaking at an average increase of 34.3% in Q4 2021. AM Best cyber market outlooks from the period found that this built a robust premium reserve for claims: total U.S. cyber insurance direct premium written climbed from $2.7 billion to $7.2 billion between 2020 and 2022.
At the same time, cyber carriers introduced strict new underwriting guidelines for insureds. Multifactor authentication, now de rigueur for any company that uses digital tools, became a baseline requirement for insurers to even provide a policy quote. Broker responses to the quarterly Council survey provided other examples of carrier efforts to stabilize the market, such as discounts for implementing endpoint detection and response and email and web filtering; mandating phishing and cybersecurity awareness training for employees; and offering consultations with cybersecurity experts.
“Underwriters and insurers felt like they were instilling best-in-class controls in their policyholders, because [those controls were] really the barrier to entry to get insurance,” says Maria Long, chief underwriting officer of cyber solutions company and MGA Resilience. Similarly, she explains, hard market rates proved enticing for sources of capital:
“A lot of capacity rushed in, and cyber insurance became a more attractive place to be for insurers and MGAs. The saturation of capacity resulted in an easy opportunity for brokers to go ahead and start marketing their policies, getting lower rates, expanding coverage, and making more asks.”
As a result, the combined loss ratio quickly returned to prepandemic levels. In a June 2025 cyber market outlook, AM Best said that ratio dropped from 65.5% in 2021 to 44.6% in 2022 and then to 41.6% in 2023. Concomitantly, cyber premium increases slowed precipitously, from 15.0% in Q4 2022 to 8.4% in Q1 2023 and 3.6% in Q2 2023, according to The Council survey. Since Q2 2024, cyber premiums have decreased an average of 1.5% or more per quarter—a sure sign of the return of the soft market, even as the combined loss ratio ticked back up to 48.8% in 2024, according to AM Best.
John Butler, cyber product lead for E-Risk, a Nationwide company, also believes the increase in capacity is a major factor behind cyber market softening. “However,” he notes, “from a claims perspective, we are seeing trends that we’ve seen in the past. When you have high-frequency, high-severity [events], you would think that the market would start seeing some deterioration from a pricing perspective. But because there’s increased capacity, we’re not necessarily feeling that sort of pressure with respects to pricing and coverage.”
A market so flush with capacity incentivizes competition, says Long, with insurers pursuing market share primarily through expanded coverage. One example she gives is cyber liability policies extending to cover bodily injury, property damage, and pollution from a cyber event; another, more eye-opening development Long has observed is the offer of reinstatement of limits within a single policy period. “Only a couple years ago, you would never dream of offering something like that,” she says.
With the persistence of this soft market—“longer than any of us anticipated at first,” in Long’s words— and market forces pushing carriers to expand coverage and pull back on rates, even as frequency and severity trends have not abated, the cyber insurance market is vulnerable to another severe market correction, industry experts believe. And for both Long and Butler, one major source of concern is the evolution of third-party risk.
