What's Next for Cyber Re/Insurance?

The dynamics of the cyber market are characterised by sluggish demand growth, saturation in mature markets and softening rates; some underwriters feel the market has reached a ceiling. For now, at least among established players. Heading into 1/1 and planning for 2026, the key question is what’s next for cyber re-/insurance? 

The corrections of 2020–2022, including premium increases and tighter terms, restored profitability, repairing damage from systemic accumulations of prior years. By 2024, global competition had intensified. Now, with plentiful capacity, new entrants and brokers pressing for concessions, incumbents are reassessing pricing adequacy. While maintaining discipline is essential to protect long-term stability, the imbalance between abundant supply and low demand in some segments constrains market growth.

Low take-up is particularly pronounced among SMEs, despite the protection gap. Understanding of cyber coverage and exposures is evolving; cyber insurance is a developing class that will continue to mature with education. Systemic risk remains a theoretical concern for many, without clarity on the practical implications for their businesses. Rather than competing for existing business, re/insurers should actively generate new business by creating awareness and demand. Investment in prospective-client education and market engagement is critical to show how cyber re/insurance protects clients’ balance sheets.  

Regional differences remain pronounced, with strong growth potential in Europe. Although it’s the second strongest area for cyber insurance, overall penetration is still very low. Ransomware remains the main threat, with business interruption and breach response the most relevant coverages. Competition is especially strong in Europe, which tends to lag the US within market cycles.

Product innovation also remains central to achieving forward momentum. For reinsurance, traditional proportional and non-proportional structures, including quota share and aggregate stop loss, provide capacity but do not always close insurers’ protection gaps. Changes in model outputs, threat environments, claims trends and geopolitical crises all necessitate product innovation. While event excess of losses (XOL) try to fill the cat gap, consistent event definitions are still lacking, causing further uncertainty for buyers. 

The recently developed Surge Aggregate XOL addresses these concerns by providing cat protection without the need for an event definition, enabling insurers to design structures better aligned to their requirements. Such innovations are essential, yet greater cross-market collaboration is required to generate more precise, client-driven and tailored cyber products.

The threat environment continues to evolve, with ransomware still dominant yet diverging as frequency eases in some sectors while severity escalates in others. Recent concentrated losses from major attacks are not fully captured in aggregation models, highlighting vulnerabilities in existing product design. Geopolitical conflict and technological shifts are further shaping exposure patterns, all of which underline the need for further innovation.

 Artificial intelligence continues to play a double-edged role in cyber. Offensively, AI lowers barriers to sophisticated cyberattacks, facilitating ransomware campaigns with minimal technical expertise. Defensively, AI strengthens detection, response and resilience. Yet its adoption carries governance and operational risks: poorly secured AI systems can increase vulnerabilities and cause operational disruption. Re/insurers must also consider workforce implications, as automation may replace or reshape certain functions. Robust AI governance and thoughtful deployment are therefore essential to balance operational integrity with market stability. 

Despite the cyber market appearing to have plateaued, clear opportunities and imperatives illuminate the path ahead. LM Re is unlocking demand through ongoing awareness raising and education, actively closing protection gaps through innovation, and embedding AI considerations into strategy and governance. Engaging with these challenges will enhance the resilience of our businesses and that of more clients, ushering in the cyber market’s next phase of sustainable growth and development.