Estimated reading time: 5 minutes
A new market update from broker Lockton lands with a split-screen message for buyers and underwriters. The cyber insurance market kept softening, even as the threat environment hardened. Insurers chased growth and fought for renewals. Brokers regained leverage on terms. Claims teams, meanwhile, faced heavier files and longer cleanups.
Key Cyber Insurance Market Takeaways
- Premiums across the Lockton portfolio decreased by an average of 11% in 2025.
- The NCSC recorded a 129% increase in “nationally significant” incidents in the year ending August.
- Claims notifications rose by about 20% across the portfolio.
- Ransomware accounted for 16% of notifications and drove roughly 75% of payouts.
- Lockton expects rate reductions to continue through the first half of 2026.
- Early 2026 saw two new MGAs and one new syndicate launch cyber portfolios.
- London cyber insurers grew from about 25 in 2020 to about 45 in 2025.
Incidents Rise As Pricing Slides
Lockton describes the past year as a turning point for cyber risk, noting “some of the most consequential cyber incidents in recent history.” Major ransomware attacks affected company earnings and operations. The report also says that cyber damage impacted UK consumers more directly, which led to more public and board attention. Lockton calls the current pricing “a rare divergence between underlying risk and insurance pricing.”
The report also draws attention to the severity of rare, large-scale events. Usually, these major incidents are considered industry catastrophes. Lockton found that some recent events were even more intense than usual. Many affected companies had low coverage limits or none at all, so they had to absorb the losses themselves. This meant insurers avoided paying the full amount.
Premiums And Market Drivers
Lockton identifies three main reasons for falling premiums. First, insurers set ambitious growth goals and there are more policies available than buyers. Second, new companies entered the market, putting pressure on existing insurers. Lockton notes new MGAs and a new syndicate starting cyber portfolios. Third, reinsurance costs stayed stable, and some insurers bought less reinsurance, taking on more risk themselves.
Coverage Trends Broaden In Key Areas
Insurers also competed through the design of cyber insurance policies. Lockton says carriers “differentiate themselves with broader and more tailored coverage solutions.” One shift sits in how limits apply. The report highlights “any-one-claim coverage.” That structure applies the full limit to each separate claim. It avoids sharing a single aggregate pot over the period. Lockton says it “effectively grants unlimited reinstatement of the limit of liability.” The option remains geared toward smaller and mid-sized firms.
Supply-chain disruption has become a major concern. Lockton connects recent ransomware attacks on retailers to problems for manufacturers further down the line. When a retailer is hit, deliveries and sales can stop, and suppliers may have to slow production and lose income. Lockton points to Customer Business Interruption coverage as a solution. Insurers offer this with sub-limits, and more companies are using it.
Larger buyers also gained the option to replenish limits after a major loss. Lockton describes reinstatements priced by pre-agreed premiums. The mechanism restores the available limit after erosion. It lets firms maintain protection if another event follows.
Claims And Notifications Turn Harsher
Lockton has seen more claims notifications across its portfolio. Many of these were due to data breaches, which may have serious consequences after legal action. Ransomware cases were the most severe. Lockton notes that a small number of claims led to most of the payouts, showing that there are fewer but larger incidents.
Get The Cyber Insurance News Upload Delivered
Subscribe to our newsletter!
The report links the severity of incidents to how long operations are disrupted. It mentions “sophisticated threat actors,” such as Scattered Spider. Lockton says some companies took much longer than expected to recover, with some unable to operate for months. Attackers frequently used common methods, like unpatched vulnerabilities and advanced phishing. Outsourced service providers also increased risk, especially through managed service relationships.
Underwriters are now concerned about claims from previous years. Lockton says that claims from earlier underwriting periods “are trending significantly higher than anticipated.” The report highlights US-focused portfolios as a particular worry and warns that these years could end up with losses.
An Inflection Point Nears
Lockton expects that plenty of available coverage will keep rates low for now. However, there is a rising feeling of pressure in the market. Insurers think prices are close to unsustainable levels, and claims are increasing. This combination could lead to a change soon.
Lockton also argues the next correction should stay measured. The market has matured and expanded. More carriers now write cyber in London, and buyers have more choice. The report says, “Now remains an opportune time to purchase Cyber Insurance.” First-time buyers can press for strong terms and longer agreements. Existing buyers can stress-test limits against modern outage realities. In the cyber insurance market, today’s softness rewards discipline and speed.
Related Cyber Liability Insurance Posts
- Cyber Insurance Market Forecast: Powerful 2026 Trends In Ransomware, Vendors, Privacy, And AI
- Personal Cyber Insurance: What You Need to Know
- NEW PODCAST – Cyber Risk In 2026: AI Fraud, Cybercrime Scale, And What Cyber Insurers Want Next
- NATO’s Cybersecurity Warning: Maritime Ports at Risk as Digital Threats Escalate
- Marks & Spencer Gets $132 million in Cyber Insurance Claims, But Cyber Attack Slashes Profits
