CYBER INSURANCE OUTLOOK
Emerging Risks, Underwriting Trends and Strategic Insights





Key Takeaways
Cyber risk is expanding across all sectors, with healthcare, manufacturing, retail, education, and public utilities at heightened risk. The average cost of a U.S. data breach reached $10.2 million in 2025, a 9% increase from 2024.
Baseline cybersecurity controls are now prerequisites for insurability.
Carrier-provided pre-breach services are a key differentiator.
Cyber claims involve multiple parallel processes, and comprehensive business continuity plans are essential.

Underinsurance remains a systemic issue. Insureds often underestimate their true short-term exposure resulting from business interruptions and the costs to reestablish operations, as well as the longer-term exposure from third-party and class-action claims.
Policy design must reflect real-world recovery timelines. Reputational Harm coverage is increasingly important.
Threat actors are leveraging AI to scale phishing and social engineering attacks, increasing the pace of change, and honing the "quality" of these attacks.
Market Conditions & Underwriting Focus
The Cyber Insurance market is becoming increasingly complex, driven by escalating threats, evolving regulations, and rising expectations for proactive risk management.
Carriers are tightening underwriting standards and now require evidence of strong security controls such as MFA, EDR, and privileged-access management. However, increased capacity and competition create opportunities to negotiate broader terms and higher limits for insureds with robust cyber hygiene.
Pre-breach services are now a critical differentiator. Carriers increasingly bundle offerings such as MDR, phishing simulations, and tabletop exercises to reduce loss frequency and severity. Brokers and agents who position these services as part of a comprehensive risk management strategy can deliver measurable value.
AI is no longer theoretical in cyber risk. IBM estimates that one in six breaches now involves AI-driven tactics. While deepfakes are not yet a primary loss driver, the long-term risk of data harvesting and future decryption remains significant, reinforcing the need for continuous monitoring and adaptive security measures.
Cyber exposures affect every industry differently, requiring brokers and agents to align underwriting strategies with sector-specific vulnerabilities and operational realities. Industries at heightened risk include:

Business Interruption: How to Improve Outcomes
Business Interruption remains one of the most misunderstood aspects of Cyber coverage.
Many insureds assume it functions like an immediate reimbursement for operating expenses. In reality, it is a measured loss of income coverage that requires a covered trigger and a waiting period before loss calculation begins. Other common misunderstandings include:
Valuation: The focus is on lost net income and necessary extra expenses, not a list of operating costs.
Payments: Payouts are not immediate; carriers validate and review calculations thoroughly, which can take time.



Coverage gaps: Many programs lack important extensions such as Non‑IT‑Dependent Business Interruption, which responds when a critical third-party dependency suffers a qualifying event.
Reputational harm: Revenue loss often continues long after systems are restored because customer trust and brand perception take time to recover.
Brokers and agents can help improve outcomes for their clients by:
Negotiating short waiting periods and extended indemnity periods (up to 180 days).
Ensuring full-limit coverage for System Failure, Dependent Business Interruption, and Non‑IT‑Dependent Business Interruption.
Including Reputational Harm coverage to address post-event revenue loss.
Setting expectations early about documentation, forensic accounting, and claim timelines.

Claims Lifecycle: What to Expect
Cyberattacks are more expensive than ever. The average cost of a data breach in the United States reached a record $10.2 million in 2025, a 9 percent increase from 2024, according to IBM.
When a cyberattack occurs, the response is complex and involves multiple processes happening at once. A comprehensive business continuity plan is essential to maintain operations, protect people and assets, and accelerate recovery during and after disruption.

While no two cyber events are identical, the stages below outline a typical claims lifecycle to help brokers and agents prepare insureds for the steps they will likely need to take if their data is breached:
Day 0–3: Stabilize and Assess
Engage breach counsel and negotiators immediately (especially for ransomware).
Initiate forensics to isolate affected systems and determine data exfiltration.
Begin regulatory assessment and coordinate with IT to manage downtime.
Week 1–4: Notify and Recover
Issue notifications and offer credit monitoring to impacted parties.
Coordinate with banks for funds-transfer recovery efforts.
Launch public relations efforts to control the narrative.
Month 1–12+: Litigate and Resolve
Evaluate class-action filings and regulatory fines.
Quantify Business Interruption and Reputational Harm.
Transition to post-breach training and infrastructure hardening.


Tips for Brokers and Agents
In a market where underwriting discipline and proactive risk management are critical, brokers and agents play a key role in guiding insureds. The following actions can help strengthen resilience, improve insurability, and deliver measurable value.
#1 Educate insureds on baseline controls. Reinforce MFA, EDR, encryption, and privileged-access management as non-negotiable for coverage and risk reduction.
#2 Leverage carrier pre-breach services. Promote MDR, phishing simulations, and tabletop exercises to strengthen resilience and reduce claim severity.
#3 Right-size limits. Model realistic loss scenarios for Business Interruption, regulatory fines, and class-action defense to avoid underinsurance and address aggregate exposure concerns.
#4 Clarify policy language. Review exclusions, sublimits, and indemnity periods to ensure alignment with the insured’s risk profile and retention appetite.
#5 Plan for claims complexity. Encourage insureds to maintain an incident response plan, vendor contact list, and communication strategy for rapid execution.
#6 Address emerging risks. Discuss sector-specific and AI-driven threats and the importance of continuous monitoring and adaptive security measures.

By focusing on these priorities, brokers and agents can position themselves as trusted advisors, helping insureds navigate a complex Cyber landscape, secure comprehensive coverage, and recover quickly when incidents occur.

Contributors


Ken LaBelle
Kyle Bell-Colfer Senior
Broker
Professional Liability
Burns & Wilcox, Brokerage Division
Chicago, IL

Broker
Professional Liability
Burns & Wilcox, Brokerage Division
Chicago, IL
Joey Franiak
Broker
Professional Liability
Burns & Wilcox
San Diego, CA

Benjamin Buchanan
Vice President
Specialty Liability Claims
Hartford Steam Boiler (HSB)
This commentary is intended to provide a general overview of the issues contained herein and is not intended, nor should it be construed, to provide legal or regulatory advice or guidance. If you have questions or issues of a specific nature, you should consult with your own risk, legal, and compliance teams.
