Estimated reading time: 16 minutes
I attended the 2026 PLUS Cyber Symposium in New York City, where the agenda, as you might already have guessed, focused on cyber liability insurance. The sessions provided useful insights for brokers, carriers, claims teams, and security leaders working in a rapidly changing threat environment. The following summaries cover the main themes from each panel. Topics included threat actor tactics, planning for cyber catastrophes, market pricing trends, business interruption issues, the rise of cyber insurance litigation, and how cyber and D&O coverage intersect.
State Of The Cyber Market: Pricing, Loss Trends, And Capacity In Cyber Liability Insurance
Panelists: David Lewison (AMWINS Brokerage), John Menefee (Travelers), Brian Thomas Robb (Berkshire Hathaway Specialty Insurance)
Moderator: Erica Davis (Guy Carpenter)
Session Topic: Pricing Trends, Loss Development, Capital Dynamics, And Underwriting Perspectives In The Cyber Liability Insurance Market
This panel looked at how the economics of cyber liability insurance are changing. Moderator Erica Davis led a discussion about pricing trends, capital movement, and underwriting strategies, focusing on how insurers, brokers, and reinsurers view current loss patterns and competition.
The panel said the cyber insurance market is stabilizing after several years of falling rates. Pricing pressure is highest for large middle-market and national accounts, while smaller businesses have seen steadier pricing. In many cases, the number of policies is growing even though total premium amounts are staying flat.
Cyber Insurance Loss Trends
Loss trends continue to shape underwriting strategies. The panel talked about changes in cyber claims, noting that ransomware attacks now focus more on stealing sensitive data than on locking files. Fewer organizations are paying ransoms, but the costs of responding to breaches are still going up. There has also been an increase in lawsuits after privacy incidents, especially third-party cases related to data collection and disclosure.
These legal trends are putting new pressure on cyber liability insurance carriers. In the past, most claims were about breach response costs. Now, ongoing litigation is adding to loss ratios. Panelists pointed out that class-action attorneys are increasingly targeting regulatory frameworks and privacy laws in different regions.
Capacity and competition are still major factors in the market. The panelists talked about how new companies and insure-tech startups are increasing underwriting capacity. This extra competition can make it harder to keep pricing disciplined. Some insurers are chasing growth, while others are focusing on profitability and being more selective in underwriting.
Systemic Cyber Risk
The panel discussed systemic cyber risk and how to model catastrophes. They noted that small outages and near-miss events are happening more often on cloud and tech platforms, showing the risk of bigger disruptions. Panelists said the industry needs to get better at modeling how technology dependencies affect cloud providers and digital infrastructure.
There is still strong market opportunity. Panelists pointed to ongoing growth in small and mid-sized businesses buying cyber insurance. They said that offering embedded cyber coverage and making the buying process simpler could help bring in more customers.
The main takeaway was that cyber liability insurance is still developing as a market. It continues to mature as underwriting data, claims experience, and risk modeling improve.
Cyber Business Interruption: Legal Insights, Coverage Evolution & Claims Realities
Panelists: Josh Foley, Scott N. Godes, Catherine Lyle, Joanne Quintal
Moderator: Sandy Perdiguerra
Session Topic: How Cyber Business Interruption Coverage Works In Practice, Why Policy Triggers Matter, And What Slows Claims Down
This session focused on Cyber Business Interruption and the challenges that affect claim outcomes. The panel pointed out a key issue: many buyers expect cyber BI to work like property BI, which leads to confusion when making a claim. Cyber BI often has different trigger language, waiting periods, and restoration periods. Policy wording also varies between markets. The group said that policy definitions are crucial and advised insureds to read income loss definitions carefully. Some insureds mistakenly think every expense is covered. The panel explained that covered BI is usually based on net loss, not gross profit.
Cyber Business Interruption Differences
The panel discussed a unique challenge in cyber BI: proving the loss. With property BI, damage is visible and rebuild milestones are clear. In cyber BI, there is often no obvious visual evidence. Systems might be back online, but business operations can still be slow to recover. This makes it harder to agree on when the restoration period ends. The panel also talked about differences in policy language. Some policies end BI coverage when computer systems are restored, while others wait until business operations are fully back. Carriers and insureds often disagree about which standard applies.
The panel focused on the realities of handling claims. They said that delays in reporting BI are a common reason for slow settlements. Sometimes insureds deny BI at first, then claim it months later. Missing documentation also slows things down. For example, insureds might only submit payroll costs and leave out sales data or margin details. The panel stressed the importance of clear timelines and separating costs into categories. They recommended agreeing early on how to calculate losses, since competing forensic methods can lead to unnecessary disputes.
“Lost Opportunity” Disputes
The panel discussed “lost opportunity” disputes. Construction and bidding models can shift revenue outside the downtime window. The group debated the trade-off between delayed and lost revenue and the industry-specific rebound effects. They also warned against assumptions that every bid would win. The panel urged tabletop planning for BI tracking and journal entries. They advocated early carrier involvement and the sharing of forensic accounting in tower claims. Panel members also described limited, careful use of dashboards. They resisted AI replacing human claims communication during a crisis.
Inconceivable! Expanding The World Of Cyber Litigation
Panelists: Raina Borrelli (Strauss Borrelli PLLC), Carolyn Purwin Ryan (Mullen Coughlin LLC), Dana Cuoco (At-Bay), Melissa Collins (Beazley).
Moderator: Vivian Beqaj Freedman (Liberty Mutual).
Session Topic: How A Breach Becomes A Dispute, How Claims Get Evaluated, And How Strategies Form Under Rising Privacy Exposure.
What Is Changing In Cyber Litigation
The panel said that cyber litigation is happening faster and in greater numbers. Plaintiffs sometimes file lawsuits even before official notice is given, thanks to better breach detection and public alerts. Now, class actions follow most breaches, and even smaller incidents can lead to lawsuits. The panel also noted that negotiations are happening sooner, with cases moving quickly to settlement talks. They compared the process to speed dating and moving chess pieces.
How Cyber Claims And Defense Strategy Are Evolving
The panel talked about third-party vendor events that lead to widespread litigation. They gave examples where one vulnerability causes many companies to face lawsuits. They recommended that affected companies coordinate their defense strategies. Contracts, indemnity clauses, and common-interest agreements can help keep efforts unified. The panel described early incident response as a crisis situation and stressed getting legal counsel involved right away to protect privilege. They warned that forensic reports are closely examined by plaintiffs and that companies can hurt their case if they release information too soon.
The panel explained how plaintiffs choose which cases to pursue. They look at regulatory filings, company statements, and leak sites. Negligence and contract claims are still common, but statutory claims—especially in California—are popular because damages are easier to measure. Whether a plaintiff has standing depends on the jurisdiction. The panel said that proof is stronger when dark web postings can be linked to specific plaintiffs.
Get The Cyber Insurance News Upload Delivered
Subscribe to our newsletter!
The panel talked about how settlements are structured and the uncertainty about how many people will participate. They said that online claims processes and offering cash alternatives can increase participation. They emphasized the value of insurers choosing experienced counsel, using data to set settlement ranges, and picking the right mediator. Good communication is key in cyber liability insurance litigation. The panel said that carriers, insureds, and counsel are most successful when they are transparent and align early.
The Intersection Of Cyber And D&O: Bridging The Towers
Panelists: Andrew Kosoff (HUB International), Elizabeth Napoli (Trisura Insurance Company), Emily Selck (The Baldwin Group), Peter Smith (AXIS Capital).
Moderator: Kari A. Timm (BatesCarey LLP).
Session Topic: Coordinating Cyber And D&O Coverage During Attacks, Outages, And Disclosure Fallout.
Scenario Walkthroughs And Coverage Triggers
The panel used two claim scenarios to map coverage across towers. One scenario followed a malicious ransomware attack on a public company. Threat actors entered through a software vulnerability and staged data for exfiltration. They encrypted systems and disrupted operations.
The company in the first scenario dealt with delayed notifications and reputational damage. This led to class actions, SEC investigations, and shareholder lawsuits. The second scenario involved a non-malicious outage from a bad software update. Customers experienced downtime and filed contractual and tort claims. This scenario also included PR issues, phishing attacks that followed, and securities litigation.
Where Cyber And D&O Intersect In Practice
The panel said that cyber policies are the first defense against costs like forensics, breach counsel, PR, notifications, and restoration. D&O policies, on the other hand, cover governance and disclosure issues. The focus is shifting from what happened to who was responsible for oversight. The panel encouraged early and frequent reporting under both policies and advised insureds to use notices of circumstance as a practical tool. They also stressed the importance of coordination when multiple carriers are involved.
Closing Gaps And Strengthening Procurement
The panel pointed out that cyber exclusions in D&O policies are a common source of problems. They recommended using clear carvebacks and definitions. They also emphasized the value of tabletop exercises and breach simulations to prepare boards. Being prepared leads to better results under both policies. The panel discussed SEC rules for cyber disclosures, including the four-day deadline for reporting material incidents.
The panel said that deciding what is ‘material’ is a judgment call and often leads to disputes. They advised companies to have clear processes for escalating and documenting issues internally. The panel also talked about AI risk, which is becoming a bigger factor in cyber and securities claims. They recommended strong governance, training, and oversight for AI use. Cyber risk should be a regular board topic, and planning for cyber and D&O insurance renewals should be integrated.
Emerging Tactics Of Threat Actors: What Cyber Liability Insurance Teams Need To Know
Panelists: Devon Ackerman (Cybereason), Gwenn Cujdik (AXA XL), Amy Mushahwar (Lowenstein Sandler LLP), Jay Vinda (Mosaic Insurance)
Moderator: Stuart Panensky (Pierson Ferdinand, LLP)
Session Topic: Emerging Tactics Of Threat Actors And The Ripple Effects Across The Cyber Ecosystem
This session looked at how threat actor tactics are putting new pressure on cyber liability insurance throughout the industry. The panel described modern cybercrime as a mature marketplace, where attackers split roles among specialists. Some groups focus on getting initial access and selling it, while others build malware, manage infrastructure, or handle extortion. This division of labor lets criminals move faster and carry out larger attacks more easily.
The panel talked about how cyber liability insurance responds to incidents affecting vendors and connected partners. They focused on the risks from SaaS platforms and managed service providers. A single exploited weakness can cause many related incidents. The panel also pointed out that limited logging and weak monitoring in third-party environments can hide data theft until late in the response.
Cyber Insurance Claims and Underwriting
The panel also discussed how claims and underwriting are adapting to new tactics. They said that broad policy language about unauthorized access often covers many new attack methods. The panel raised tough questions about AI, such as data poisoning of language models and how to measure the resulting income loss. They noted that there is growing demand for expert advice during claims adjustment and litigation.
Identity-based compromise was a key topic. The panel described threats from fake remote workers, compromised staffing processes, and malicious insiders. They also talked about non-human identities, such as service accounts and devices, which can create more ways for attackers to get into complex systems.
Ransomware
Ransomware remained central, but the panel stressed data theft at scale. The group discussed terabyte-scale exfiltration and the rising costs of reviewing large volumes of data. They also highlighted the attacker’s use of analytics and AI to quickly identify “crown jewels.” The panel closed with preparedness themes. They emphasized real-time employee training, vendor audits, practical tabletop exercises, and backup strategies that support real recovery.
Check Out Our Podcast – AI Risk Is Identity Risk: Non-Human Identities, PAM, And Resilience
The Empire Strikes Back: Preparing Cyber Liability Insurance For The Big Attack
Panelists: Doug Howard (Pondurance), Joe Niemczyk (Marsh), Dominic Paluzzi (McDonald Hopkins)
Moderator: David Bruce Anderson (Woodruff-Sawyer & Company)
Session Topic: Preparing The Cyber Insurance Ecosystem For Large-Scale Cyber Attacks And Systemic Events
This session looked at how people in cyber liability insurance prepare for large-scale cyberattacks that could hit many organizations at once. Moderator David Bruce Anderson led a discussion with experts in incident response, brokerage, and cyber law. The panel talked about ways insurers, security firms, and legal teams can get ready for widespread cyber events.
Cyber Dominos Fall
The panel talked about increasing worries over large outages affecting networks, software platforms, and infrastructure providers. Attackers are now targeting shared technology that supports many companies. One exploit in a cloud service, software provider, or managed platform can cause widespread problems. The panel said that cyber liability insurance needs to account for these concentration risks across their portfolios.
The panelists said that geopolitical tensions make coordinated cyber attacks more likely. Nation-state actors and their partners have the resources to launch big, damaging attacks. These could target critical infrastructure, financial services, or widely used business software. The panel stressed that insurers need to plan for situations where many policyholders are affected at the same time.
The Cyber Insurance Ecosystem
A main theme was the need for preparation across the whole cyber insurance ecosystem. The panel stressed that insurers, brokers, legal counsel, and digital forensics experts must work together. Large-scale attacks require a coordinated response from all these partners. Incident response teams need to be able to scale up quickly when many clients are affected at once.
The panel also talked about the value of preparedness exercises. Cyber insurers are doing more tabletop exercises that simulate major cyber events. These drills test how well teams communicate, handle claims, and coordinate responses. They also help reveal gaps in vendor support and decision-making.
Large Scale Attack Complexity
The panel also discussed legal risks and regulatory responses. Large-scale attacks can create complicated liability issues involving vendors, service providers, and third-party partners. The panel said organizations should understand their contracts and insurance coverage before a crisis happens.
The session ended with a clear message: cyber liability insurance markets need to prepare for large-scale cyber disruptions as seriously as they do for natural disasters. Planning, coordination, and resilience will determine how well the industry responds to a major cyber event.
Cyber Symposium FAQ
State Of The Cyber Market: Pricing, Loss Trends, And Capacity In Cyber Liability Insurance
The panel described flatter renewals and smaller swings, especially in North America. Policy counts keep growing while premium totals stay level. Large accounts still feel the most pricing pressure.
The panel discussed a shift from encryption-heavy ransomware to data theft and extortion. Breach response costs stay high even as ransom payments drop. Third-party litigation continues to increase after privacy events.
The panel pointed to more frequent cloud and platform outages and near-miss events. These incidents highlight dependency risk across shared infrastructure. The industry still debates catastrophe likelihood and loss size.
Cyber Business Interruption: Legal Insights, Coverage Evolution & Claims Realities
Many buyers expect cyber BI to operate like property BI. Cyber BI uses different triggers, waiting periods, and restoration definitions. Policy wording varies widely between carriers.
The panel emphasized documentation gaps and late reporting. Insureds often submit limited cost data without sales and margin detail. Parties also dispute when the restoration period truly ends.
The panel recommended tabletop exercises focused on BI tracking and journal entries. Early alignment on calculation methods helps speed adjustment. Shared forensic accounting can reduce conflict in tower claims.
Inconceivable! Expanding The World Of Cyber Litigation
The panel said lawsuits arrive faster and more often. Plaintiffs can file before formal notice based on public signals. Smaller breach populations now still trigger class actions.
The panel cited proof of stolen data and evidence of dark web posting. A clear link between posted data and named plaintiffs strengthens claims. Jurisdiction also strongly shapes outcomes.
The panel emphasized counsel selection, settlement benchmarking, and mediator choice. Carriers can contribute broad claims data across jurisdictions. Strong communication among carrier, counsel, and insured improves results.
The Intersection Of Cyber And D&O: Bridging The Towers
The panel positioned cyber as the first responder for incident costs. Forensics, breach counsel, PR, notifications, and restoration usually sit there. Cyber reporting should start early.
The shift happens when allegations focus on oversight, disclosure, or governance failure. Securities class actions and derivative claims often follow public disclosure. SEC scrutiny can accelerate that path.
The panel urged coordinated placement and clear carvebacks when cyber exclusions appear in D&O. Tabletop exercises improve board readiness and reporting discipline. Integrated renewals help align definitions and reporting triggers.
Emerging Tactics Of Threat Actors: What Cyber Liability Insurance Teams Need To Know
The panel described specialized criminal roles that speed attacks and scale targeting. Attacks now ripple across vendors, suppliers, and partners. These patterns complicate underwriting and claims response.
The panel discussed credential abuse, fake workers, insider risk, and non-human identities. These pathways bypass traditional perimeter controls. They expand attack options inside complex environments.
The panel highlighted vendor audits, practical tabletop exercises, and resilient backups. Strong monitoring and logging reduce late discovery of exfiltration. Real-time training supports faster response decisions.
The Empire Strikes Back: Preparing Cyber Liability Insurance For The Big Attack
The panel focused on events that disrupt shared technology layers. A single failure in a cloud or platform provider can cascade widely. These scenarios create concentration risk across portfolios.
The panel discussed simultaneous demand across many insureds at once. DFIR, legal, and claims resources face capacity constraints. Coordination across partners becomes essential.
The panel emphasized catastrophe-style tabletop exercises and response coordination. Contracts and vendor obligations should be clear before crisis. Organizations should validate coverage positions and escalation paths early
Related Cyber Liability Insurance Posts
- 7 Essential Cyber Insurance Requirements You Can’t Ignore
- AI Risk and Autonomous Agents: Why Access Controls Matter – NEW PODCAST
- Artificial Intelligence Report: Only 44% Ready to Support Secure AI, Delinea Finds
- As Cyber Insurance Growth Stalls: Report Shows Europe Key to Rebooting Market
- Browser Security Risks in 2025: Why Criminals Target Your Browser First
