    Why the soft market may be the most dangerous yet for cyber

    Underwriting chief says AI-driven threats might be outpacing insureds’ controls

    The cyber insurance market may be entering one of its softest phases in years, but industry leaders are warning that the drop in premiums does not reflect an improvement in cyber risk. 

    Instead, the sector is experiencing an oversupply of capacity, creating pricing pressures at a time when artificial intelligence (AI)-enabled threats are accelerating at a pace not yet matched by cybersecurity controls.

    Maria Long, chief underwriting officer at Resilience, told Insurance Business that buyers are now facing more favourable pricing and broader terms, even as risk becomes more complex. This paradox – soft market conditions amid hardening risks – could create the next major inflection point for the industry.

    “Premiums are dropping, but not because the risk landscape is improving. Capacity is up, competition is high, and markets are hungry to gain share,” Long said. “I don’t see controls regressing. But the issue is that controls aren’t keeping up with AI-driven threats. What was considered best-in-class security 18 months ago may no longer be sufficient.”

    Cyber capacity is up… but are controls stagnating?

    During the hard market of 2020-2022, cyber insurers drastically tightened underwriting standards following a spike in ransomware and business email compromise claims. Organizations were required to implement multi-factor authentication (MFA), endpoint protection, encryption, privileged access controls, and incident response plans as minimum requirements for coverage. These measures led to a marked improvement in cyber hygiene and reduced loss ratios across many portfolios.

    Fast forward to 2025. Threat actors are now using AI to enhance phishing attacks, generate deepfake audio and video, and exploit vulnerabilities at scale. As a result, traditional defenses, particularly employee training and email filtering, are struggling to keep pace.

    Resilience’s internal claims data shows social engineering accounted for 57% of incurred cyber claims and 60% of incurred losses in the first half of this year. Unlike traditional cyber incidents, many of these attacks bypass technical defenses by impersonating human decision makers with AI-generated audio or video. 

    Long pointed to manufacturing as a prime example of a sector burdened by outdated technology and elevated exposure. “Manufacturers have built operations around legacy systems that weren’t designed with cybersecurity in mind,” she said. “They can’t easily replace those systems without halting production, so they continue operating with vulnerabilities that are now being actively targeted using AI tools.”

    She added that with rising interconnectivity between IT and operational technology (OT), cyber incidents in manufacturing are moving beyond data theft and business interruption, toward actual physical damage to equipment and production environments.

    Maintaining underwriting discipline in a soft cyber market

    Long cautioned that in a soft market, pressure to win business can lead some insurers or MGAs to loosen standards. That is a trend she believes the market must resist.

    “It comes down to underwriting guidelines,” she said. “You need a clear walk-away point. You can’t sacrifice bottom-line profitability in pursuit of top-line premium growth. The goal is quality market share, not just more market share.”

    Long emphasized the importance of portfolio balance and underwriting leadership, especially in a market where high-capacity players may be tempted to relax controls to gain volume. 

    Brokers called to lead on cyber risk management

    Underwriters must maintain vigilance on cybersecurity controls, enforce minimum standards, and avoid “race-to-the-bottom” pricing. But brokers also play a critical role in maintaining the market’s health by advising clients to pursue resilience, not just low premiums. 

    “There’s a difference between finding the cheapest market and finding the right market,” Long said. “A good broker helps clients decide how much risk to retain, how much to mitigate, and how much to transfer.” Those three components – risk retention, mitigation, and transfer – must be part of every client conversation, she added. 

    Resilience, as a cyber MGA and underwriter, provides security solutions in addition to insurance coverage. Long believes brokers should be encouraging clients to leverage such services to improve cyber maturity, not just to obtain coverage, but to meaningfully reduce risk.

    “The industry should be focused on long-term viability,” Long said. “Capacity may be abundant today, but without underwriting discipline and stronger controls to address AI threats, those losses will emerge, and the market will harden again.”
