Cyber Insurance Market Forecast: Powerful 2026 Trends In Ransomware, Vendors, Privacy, And AI

by

Estimated reading time: 6 minutes

Willis reports that the cyber insurance market remained favorable for buyers in 2025. Both the number and severity of losses increased, but prices continued to fall. Competition since 2022 led to yearly premium reductions, and this trend continued through 2025, even as risks grew.

But Willis notes a possible change ahead, with early 2026 showing signs that the market is softening more slowly. Some insurers are now looking for stability, aiming for flat renewals in high-risk sectors like healthcare and aviation. Even so, buyers can still find premium reductions and broader coverage in many cases.

Willis connects the market’s next steps to losses and reinsurance. Severe ransomware and systemic events in early 2026 are especially important. Renewals in cyber reinsurance could influence market sentiment. Willis describes this period as buyer-friendly, calling early 2026 “a ripe opportunity” for expanding coverage.

Growth Pressure Meets Underwriting Discipline
Image of WTW company logo. Used in Cyber Insurance News article about their report on the 2026 cyber insurance market

Willis describes strong demand across cyber insurance lines. Underwriters are eager to capture cyber premiums, viewing this area as “the biggest growth opportunity” in the insurance industry. The market is estimated at $16 billion in 2025, with projections of at least $40 billion by 2030. The report highlights reaching $40 billion as a major milestone.

Willis also points out that insurers are concerned about profitability. Some carriers are seeking more discipline, aiming for sustainable loss ratios and enough capacity to meet future demand. The report notes that losses in 2025 were not limited to ransomware; privacy non-compliance and technology service provider outages also caused significant costs, with several losses having systemic effects.

Ransomware: Higher Volume, Shifting Tactics

According to Willis, ransomware was still the main driver in 2025. The number of attacks increased by 45% compared to the previous year, but average ransom payments dropped by 50%. Willis attributes this decline to improved resilience and a greater willingness to refuse payment.

See also  Coalition Launches Cyber Insurance Captive 

Attackers also changed their tactics, with more insider-enabled attacks. Criminals tried to buy access from employees. Willis gives a clear example: a Medusa affiliate offered an employee “a 15% cut” for system access.

The severity of losses continued to surprise both buyers and insurers. Willis mentions an automotive ransomware event that caused a $2.5 billion impact on the local economy. While system restoration is now faster, business disruptions can still last for months, and some even extend beyond a year.

Vendor Outages And Systemic Risk

Willis identifies vendor incidents as key drivers of systemic losses. In 2025, there were more cloud outages, including those involving AWS, Microsoft Azure, Google Cloud, and Cloudflare. Willis estimates that the Cloudflare outage in November 2025 caused losses between $5 billion and $15 billion.

Willis explains that many companies depend on a small group of providers, which creates concentrated risk. Outages can quickly stop operations, turning vendor failures into systemic threats.

WATCH OUR PODCAST with Willis’ Peter Foster

Willis says that coverage availability is still strong. Policies can cover both cyber attacks and system failures, though underwriters are now examining system failure more closely. Competition continues to encourage broad terms, and many insurers offer system failure coverage “often at full limits.”

Privacy Non-Compliance And Wrongful Collection

Willis points out a growing privacy risk, noting that many losses now occur without a data breach. Lawsuits over pixel-tracking are driving this trend, as plaintiffs use older privacy and wiretap laws. Regulators are also providing more detailed guidance.

The report links increased scrutiny in healthcare to a June 2022 Markup investigation. By 2025, settlements over pixel use in healthcare surpassed $100 million. Willis also tracks BIPA claims in Illinois, where settlements dropped 34% after 2024 amendments limited damages. Still, there was a $51.75 million facial recognition settlement in 2025.

See also  SMB Cybersecurity 2025: Troubling Report Exposes Protection Gaps Despite High Awareness

Willis warns that coverage for wrongful collection varies across cyber policies. Many standard policies do not include it, and insurers are becoming “increasingly wary” of offering this coverage. Underwriters are more concerned about price regulation than about controls.

Artificial Intelligence: Amplifier And New Exposure

Willis identifies AI as a major emerging risk. AI allows attackers to automate discovery and exploitation, increasing the speed and scale of attacks. Willis notes that AI exclusions are still rare in cyber policies, which means coverage often extends to AI-driven cyber events.

Willis also highlights the risk of “AI washing” for public companies. The report says that D&O policies often do not have AI exclusions, so securities claims could allege that companies exaggerated their AI capabilities.

Regulation could lead to losses that are not covered by current policies. Willis points to the EU AI Act, with some rules set to take effect in 2026. Fines can be as high as €35 million or 7% of global turnover, and violations may happen even without a cyber event, which could put these losses outside traditional cyber coverage. Willis also notes that Utah, Colorado, and California have passed similar AI laws in the U.S.

Willis encourages proactive AI governance, the importance of compliance, data management, and controls for shadow AI. The firm also links AI risk to vendor management and recommends training, phishing simulations, and tabletop exercises.

Get The Cyber Insurance News Upload Delivered
Subscribe to our newsletter!

Predictions For 2026

Willis expects ransomware to continue as the main threat. Large incidents could exceed $1 billion, challenging common assumptions about coverage limits. Willis recommends using data and analytics to guide decisions about policy limits.

See also  Confused About Cyber War Clauses? Jenner & Block Provides Some Clarity in Update to Clients

Willis expects that reliance on vendors will keep testing insurance policies. Most outages in 2025 lasted less than a day, but a longer outage could lead to losses in the billions. The report does not foresee a drop in market appetite soon, as competition for premiums remains strong.

Willis predicts that privacy underwriting will get tougher. The use of pixels and data aggregation will continue, and some markets may limit coverage expansions. However, buyers who are persistent and have strong controls and a clean loss history can still find wrongful collection coverage.

Willis expects that insurance products specific to AI will develop slowly. While some new products are available, capacity and demand remain limited. A major AI-related loss could quickly change this situation.

Conclusion

Willis does not see a hard market at this time. The firm is watching loss ratios and reinsurance renewals, and considers early 2026 a good opportunity for buyers in the cyber insurance market. Willis also calls for stronger governance and resilience.

Martin Hinton

Martin Hinton is the Executive Editor and Publisher of Cyber Insurance News and Information. With over three decades of journalism experience across six continents, his work encompasses investigative reporting, documentaries, and coverage of cultural, political, and business news. To learn more about his career, click on his name to visit his LinkedIn page.

Leave a Comment

×