Cyber risk remains one of the fastest-moving areas of insurance, with the US market in particular going through a period of recalibration. AI‑enabled attacks are accelerating, ransomware continues to evolve, and concerns around systemic events are influencing how cyber exposure is assessed and priced.
Below, you’ll find key trends and developments shaping the cyber market in 2026. Insights are drawn from our Inside Cyber Scoop webinar featuring Lindsey Maher, James Burns, C.J Spallitta, John Keebler and Morgan Justice.
How should brokers think about the current state of the US cyber market?
The cyber market can no longer be viewed as a single global entity. The US market is uniquely competitive, with a high number of insurers and MGAs actively writing cyber business. This has created sustained downward pressure on rates over the past two to three years.
At the same time, claims activity in the US has increased, eroding profitability across many portfolios. As a result, some insurers are now introducing rate increases, particularly on renewal books. While this suggests early signs of hardening, the consensus was that the US is not yet in a full hard market, though many expect further tightening if claims trends continue.
What is driving cyber pricing in the US right now?
Pricing is being influenced by what the panel described as the “three Cs”: capacity, competition and claims.
Reinsurance capacity is at an all-time high, fuelling the launch of new cyber MGAs, new Lloyd’s syndicates and insurer teams writing cyber. This abundance of capacity has intensified competition, which has benefited brokers and clients through broader coverage and innovation, but has also pushed prices down.
Claims are acting as the counterbalance. Rising frequency and severity, particularly in the US, are forcing insurers to reassess pricing adequacy. Outside the US, claims are also helping to slow the pace of rate softening.
How are insurers thinking about systemic cyber risk today?
Two to three years ago, systemic risk was front and center for insurers, largely driven by the ransomware surge and concerns about profitability. Today, the focus has shifted more towards growth and increasing cyber adoption, especially among SMEs.
Abundant reinsurance capacity has helped insurers transfer perceived systemic exposure, and so far the market has been able to absorb major events. However, the panel emphasized that systemic risk has not disappeared. Insurers must still actively consider scenarios that could exceed the private market’s capacity and work on solutions before those events occur.
Why are ransomware attacks still increasing?
Ransomware attacks continue to rise, alongside business email compromise. The key driver remains profitability. Ransomware remains a lucrative industry, even though the total value of ransoms paid has plateaued or declined slightly.
This is partly due to better incident response, negotiation strategies and regulatory pressure discouraging payments. However, the barrier to entry for cybercrime has dropped significantly. Ransomware-as-a-service and affiliate models allow less sophisticated actors to participate, increasing attack volume.
How are ransomware tactics evolving?
Two major shifts are shaping the threat landscape. First, data-only extortion is becoming more common. Attackers are increasingly stealing data without encrypting systems, reducing their costs and avoiding some defensive controls.
Second, automation and AI are being used across the attack lifecycle, from reconnaissance to lateral movement. These tools allow attackers to operate at greater speed and scale, compressing the time between initial access and impact.
While attackers are using AI and automation to accelerate attacks, defenders are also adopting AI to improve detection and response.
Can defenders realistically keep pace with attackers?
Cyber defence is a constant race. While attackers are using AI and automation to accelerate attacks, defenders are also adopting AI to improve detection and response.
At CFC, threat intelligence, attack surface monitoring and automation are central to proactive defence. Many alerts are now triaged automatically, allowing security teams to focus on real threats. Even so, attackers’ use of AI means the gap can widen at times, reinforcing the importance of intelligence-led prevention.
How is AI actually being used in cyber attacks, and what is overhyped?
AI is changing how efficiently cyber attacks are executed, particularly by improving phishing, social engineering and reconnaissance. With deepfakes and highly targeted phishing campaigns are becoming more common.
What is overhyped is the idea of fully autonomous cyber attacks. Human involvement remains central to criminal operations. AI is best understood as an accelerator or catalyst to make attacks more efficient or difficult to spot, rather than a replacement for attackers.
How does cyber insurance respond to AI-driven risk?
The panel was clear that AI is not a new peril. It is a tool that enhances existing risks such as ransomware, phishing and malware. As a result, cyber insurance should continue to respond to these events, even as AI changes how they occur.
From a coverage perspective, broad is better. Brokers and insureds need confidence that policies still respond to real-world threats, regardless of whether AI is involved.
What are the biggest barriers to cyber insurance growth in the US?
A major barrier remains trust. Some clients struggle to reconcile what they believe is promised at underwriting with what they expect during a claim. Reducing complexity, improving clarity and positioning cyber insurance as a partnership rather than a checklist exercise are essential to overcoming this.
There is also lingering complacency as pricing has softened. Focusing purely on price risks undermining long-term stability, particularly as threat actors continue to adapt.
How can brokers sell cyber without fearmongering?
The most successful brokers move the conversation beyond worst-case scenarios. Instead, they frame cyber insurance as a business resilience tool, highlighting services such as proactive threat monitoring, incident response and loss prevention.
Making risk tangible through industry-specific scenarios and positioning cyber as essential coverage, rather than an optional addon, helps drive meaningful engagement.
Where are the biggest opportunities for brokers in 2026?
Cyber remains significantly underpenetrated in the US SME segment. Brokers who raise cyber early in client conversations, specialize in specific industries and use program or bulk-quoting approaches are seeing the strongest results.
Positioning cyber as core protection, akin to property or workers’ compensation, rather than a technical niche product, is key to unlocking growth.
Staying ahead in a fast-moving market
The US cyber market is shifting. As pricing evolves, claims rise and threat actors accelerate their use of automation and AI, it’s more important than ever to stay close to the trends and understand how they translate into real‑world risk. We’re here to help you as brokers navigate through it – so whether you have any questions or need support, get in touch with us.
Watch the full webinar for a deeper dive into all the discussion points, and take your cyber knowledge further by completing our on-demand Cyber Masterclass video series.
