Underpricing, rising claims and competition could destabilize market if discipline doesn’t return
Despite rapid expansion and falling premiums, the US cyber insurance market may be headed down an unsustainable path, according to CFC’s global head of cyber development, Lindsey Maher (pictured).
“Rates today are broadly adequate, but only marginally so,” Maher said.
That narrow margin, paired with intensifying competition and rising client expectations, is pressuring carriers to write broader coverage while collecting less in premium. “If rates keep falling while coverage keeps broadening, we risk paying less for more risk, which is an unsustainable path for the cyber market on the current trajectory,” she said.
Maher warned that the current environment mirrors conditions seen just before the market correction of 2019–2020, when a surge in ransomware events collided with pricing that didn’t reflect the scale of exposure. Today, clients are again securing more coverage for less. “It’s not uncommon either… to hear buyers being able to increase their limits for a premium reduction at renewal,” she said. “That’s really symptomatic of a hyper soft market in the US at the moment.”
There are now over 200 carriers offering cyber insurance products in the US alone. That heightened competition has accelerated innovation and helped bring more client-centric solutions to market—but it has also triggered pricing behavior that Maher characterized as risky.
“Coverage is getting broader and speaking to client needs… It has carriers seeking creative ways to really defend their product portfolios,” she said.
Clients want more than a policy
Despite growing concern over cyber threats, adoption remains low—particularly among SMEs. “Even in the US, adoption sits… around 30%, and there’s over 200 carriers in the market,” Maher said. “Each of us is really only writing a sliver of that.”
At CFC alone, more than 3,000 incidents were reported over the past year, and twice that number were identified and flagged by the insurer before clients were even aware of them. “We have a 99.1% cyber claims acceptance rate,” she said, adding that competitors likely show similar figures.
Yet buyers continue to question the value. “We’re hearing that cyber insurance feels too expensive,” Maher said. “Or that companies… would rather put money towards security over insurance.”
She argued that the role of the broker is crucial in closing that perception gap. “The cost of coverage is only a fraction of the cost of an incident,” she said. “Most policies combine insurance with actual security value today.”
In addition to pricing concerns, clients are increasingly demanding better service and accessibility. “It does feel it’s finally shifted to expecting more beyond the policy wording itself,” Maher said. Buyers now want tailored support – incident response, security guidance, and coverage that reflects their specific revenue size and industry – not generic applications with irrelevant questions. “They’re looking for insurers that provide value beyond just a piece of paper.”
Soft market masks structural flaws
On the underwriting side, access to cyber coverage is at an all-time high. “We’re still operating in an incredibly frictionless and accessible market,” Maher said. Some policies can be quoted with as few as one question.
But signs of tightening are beginning to appear. “We’re starting to see the first hints of greater discipline coming back into the market,” she said. “There’s a clear move to better align underwriting decisions with core security principles.”
Unlike previous broad-brush corrections, this new phase of underwriting is far more granular. “We’re able to actually pick up very niche subsections of particular industries and certain geographies,” Maher said. “So where things get a little bit hot in one segment, the rest of the market isn’t penalized for it.”
This evolution allows underwriters to apply more precision – but only if brokers understand how to position their clients effectively. “Being able to coach clients on how to present themselves from a cyber perspective can make all the difference,” she said.
Looking ahead, Maher identified the SME market as the biggest growth opportunity – but also the biggest challenge. “The number one opportunity that the market needs to focus on right now is the SME segment,” she said. Despite being highly exposed to cyber risk, SMEs remain significantly underinsured. “Most of the companies we see are… the Fortune 500, certainly. But mid-market and below that – and SME – are largely still underpenetrated.”
The traditional application process is part of the problem. “SMEs won’t engage in 20-page application forms, and they shouldn’t have to,” Maher said. With real-time data now available, many insurers can underwrite dynamically based on ongoing security posture rather than static, front-loaded forms. “It’s almost the death of the application.”
Getting smaller businesses on risk is step one. Helping them become better risks over time is step two. “We can then use those security teams to help them become better risks as policyholders,” she said.
While the mid-market is also flagged for growth, Maher emphasized the need for smarter growth – built on data, not scale for scale’s sake. “That underwriting discipline is there not just to hunt every risk to scale portfolios… but using the data that we’ve learned about them from existing books to make better informed decisions.”
Faster claims handling still lags behind
Although cyber is often hailed as one of the most adaptive lines in insurance, Maher flagged structural weaknesses that remain. Chief among them is the speed of business interruption (BI) claims adjustment. “The BI adjustment process… is incredibly clunky,” she said.
While most carriers provide instant triage within minutes of a breach, final payout timing often lags – leaving a critical gap. CFC introduced interim loss payments written into the policy contractually to help bridge that gap. But Maher said the broader market still has work to do. “The market collectively needs a better way to speed that process up for customers.”
Despite these challenges, Maher argued that the industry has shown its capacity to evolve. But unless the SME gap is addressed, long-term growth targets will remain out of reach.
“We were around half of that as a global market today,” she said, referencing growth projections that peg the cyber market at $30 billion by 2030. “We need to start reshaping how we approach, educate and engage that segment.”
Related Stories
LATEST NEWS
