Estimated reading time: 5 minutes
With 2026 upon us, demand for cyber insurance remains high, and premiums continue to grow. Gallagher’s latest outlook describes the market as “robust” and expects it to keep expanding. At the same time, the report highlights growing systemic risk, rapid regulatory changes, and the increasing influence of AI.
The report describes 2025 as a year of change. Insurers competed more for well-managed clients, and buyers saw more stable renewals. Meanwhile, carriers made contract terms stricter, especially for outages and vendor-related issues. Even though the market seems calmer, risks remain high.
Premiums Keep Rising, Even With Softer Rates
Global cyber insurance premiums are still rising. The report estimates the market will reach between the mid-teens and $20 billion in 2025, with much higher numbers expected by 2030. This growth comes from more companies buying coverage, higher policy limits, and greater reliance on digital technology in all industries.
For many policyholders, rate changes have slowed down. Many renewals stayed the same, and some buyers even saw small decreases. Insurers still offer plenty of capacity to clients with strong security controls. Competition continues to help keep prices in check for most customers.
US Renewals Stabilize, While Healthcare Tightens
Gallagher reports that the US market will mostly stabilize by 2025, based on renewal and new business quotes. Underwriters favor companies that use basics like MFA, EDR, regular patching, and tested backups. They also value strong leadership and commitment to managing cyber risk.
Healthcare continues to stand out. The report notes “greater underwriting scrutiny” in this sector, leading to small increases for many renewals. Underwriters pay close attention to patient safety, keeping operations running, and the amount of sensitive data involved. Just one outage can stop care and lead to several types of claims.
Reinsurance And New Capital Support Capacity
Reinsurance helps insurers manage volatility and aggregation of cyber risk. It underpins the capacity for large limits. The report highlights increased capital participation and evolving deal structures. Market players build new tools to spread risk.
Widespread events are pushing the industry to innovate. For example, cloud outages can impact many policyholders at once, and vendor failures can disrupt whole supply chains. These situations challenge the idea that risks are separate. Underwriters now consider how losses can be connected across different clients.
Claims Trends: Ransomware Adapts And Privacy Suits Expand
Ransomware remains a leading claims driver. Attackers keep refining tactics. Many groups focus on data theft and extortion pressure. They also exploit stolen credentials and social engineering. Victims face operational disruption plus reputational stress.
The report points to a decline in ransom payment rates in recent tracking. That trend reflects greater resilience and a stronger negotiating posture. Better backups reduce leverage for many criminals. Stronger segmentation also limits blast radius. Buyers who invest in recovery often see better claim outcomes.
Privacy litigation adds another cost wave. The report calls pixel tracking suits “alarming.” Plaintiffs’ target-tracking tools on websites and portals. They often cite wiretap and privacy statutes. These cases can scale quickly during peak traffic. Defense costs can rise even without a major breach.
Watch Our Podcast On Ransomware Response: Expert Negotiation and Cyber Insurance
AI Reshapes Both Attacks And Underwriting
Gallagher describes the market as unpredictable, with AI accelerating change and increasing uncertainty. Companies use AI for customer service, marketing, analytics, and creating code. Attackers also use AI to make their scams more convincing and to automate their attacks.
Deepfakes make social engineering attacks more dangerous. These tools can “impersonate trusted individuals with alarming realism,” making it harder to control payments and increasing the risk of fraud for executives and finance teams. Voice and video are no longer reliable for confirming someone’s identity.
AI brings new types of technical risks, like prompt injection, data poisoning, misuse of models, and data leaks from unsafe prompts. Attacks on the supply chain are also a major concern, including the misuse of plugins, software dependencies, and connected tools.
Underwriters now ask more detailed questions about how companies manage AI, including governance, access controls, monitoring, oversight, and who is responsible for model risks. Companies with clear controls in these areas often get better policy terms.
Watch Our Podcast on AI Risk
Regulation Accelerates, With May 2026 On The Horizon
The report calls the US regulation complex and fast-moving. Many organizations face overlapping requirements. The outlook details a crucial federal timeline: CIRCIA incident-reporting requirements begin in May 2026. Companies must prepare workflows and evidence capture.
States are increasing pressure with many new cybersecurity bills expected in 2025. Some proposals focus on breach notifications and consumer data, while others address ransomware readiness and infrastructure security. Following these rules is now a bigger part of underwriting discussions.
Policy Language Tightens Around Outages And Vendor Risk
Insurers continue to update how they describe supply chain risks in policies. They are changing contract terms about which vendor events are covered and now require insured companies to clearly document their third-party relationships.
Get The Cyber Insurance News Upload Delivered
Subscribe to our newsletter!
How downtime is defined in policies is very important. Waiting periods and qualifying times can impact recovery and payments for short outages. Some policies have strict definitions for interruption windows, so brokers focus on these details during negotiations.
Conclusion: Buyer-Friendly Conditions, Sharper Edges
Gallagher describes the current environment as “mostly buyer-friendly” but also says the market is “at a critical juncture.” Competition helps keep prices reasonable for high-risk clients. However, systemic risks and AI concerns are leading to stricter underwriting, and privacy lawsuits are making loss costs less predictable.
The cyber insurance market rewards disciplined preparation in 2026. Buyers should document controls and vendor oversight. They should test incident response and recovery plans. They should also train staff for fraud-resistant payment practices. Strong fundamentals still produce the best outcomes.
Related Cyber Liability Insurance Posts
- Beyond the Policy: How Companies Can Survive Cyber Events Traditional Insurers Won’t Cover
- A Step toward “Skinnier Cyber Insurance?” Marsh Lowers Threshold for Cyber Coverage
- America’s Top Cyber Insurance Companies — the Rankings May Surprise You
- PEGs Want Their Portfolio Companies to Have Cyber Insurance. But What’s the Best Way?
- Great American Insurance Group Promotes Betty Shepherd to Divisional President, Cyber Risk
