For two years, cyber has been one of the easier conversations in a commercial broker’s day. Premiums are down, capacity is abundant and clients have been receptive. That’s about to get more complicated and the brokers who treat the current soft market as a permanent state of affairs may find themselves exposed when it ends.
Jeffrey Gonlin (pictured), chief underwriter at Emergence Insurance, which underwrites cyber risk across Australia and New Zealand, doesn’t mince words about where the market stands. “The easy money is gone,” he said. After years of healthy margins that attracted a flood of new capital into the cyber line, the competitive pressure that followed has stripped out much of the pricing buffer that made the class look almost too good to be true.
The cumulative rate cuts of the past two years are the core issue. “I just don’t believe there’s 40 or 50% fat left in pricing,” Gonlin said, at a time when some players are still aggressively undercutting rivals ahead of June renewals. Actuarial firm Finity has reached a similar conclusion, flagging irrational pricing behaviour and projecting a loss in the cyber line. Globally, the numbers confirm the trajectory: according to Swiss Re, cyber premium growth slowed from more than 30% annually between 2017 and 2022 to roughly 5% between 2022 and 2025. In the United States, gross written premium actually declined in 2024 for the first time. Eleven-plus consecutive quarters of negative rate change is not a correction, it is a structural shift with a ceiling.
Only 10 to 20% of SMEs - the client base that defines most commercial broking books in Australia and New Zealand - currently purchase cyber insurance. That is not a market that has been tapped and found wanting. It is a market that has barely been touched.
For broker leaders, that figure should reframe the entire conversation. A soft market with falling premiums and abundant capacity is precisely the moment to bring reluctant SME clients across the line before pricing resets and the conversation becomes harder. The threat data makes the case for urgency concrete. Cyble’s Q1 2026 ANZ Threat Landscape report tracked 33 publicly disclosed ransomware attacks in ANZ in Q1 2026 alone - a figure experts acknowledge represents only a fraction of actual incidents - with the banking, financial services, and insurance sector accounting for 44% of all data breach incidents. In New Zealand, a threat actor offered 213 million records from the country’s largest private social network for sale on a cybercrime forum in January including names, phone numbers, addresses, private messages. In Australia, a car rental insurer breach exposed personal and policy data for 300,000 customers. A data analytics firm breach in March created a supply chain event that hit law firms and courts simultaneously.
Cyble’s assessment also found that while 75% of ANZ organisations feel confident in their detection capabilities, only 30% have a tested business continuity plan. That gap is a client conversation most brokers aren’t having - and a practical place to start. Brokers who identify which clients have no continuity plan and work backwards from there will find no shortage of conversations worth having. It is also a liability question: the broker who fails to surface that gap, and whose client later suffers an uninsured or underinsured loss, has a professional problem as well as a relationship one.
This is where Gonlin’s sharpest observation lands. The current pricing environment has been shaped, at least partly, by the fact that recent high-profile incidents didn’t produce the catastrophic losses many anticipated. CrowdStrike’s global outage shook operations worldwide but didn’t put companies out of business. The Canvas breach in US education resolved without the worst-case outcome materialising.
“I think that’s been eroded because we’ve been lucky,” Gonlin said, referring directly to the systemic risk load that underwriters once built into their pricing. When good luck gets mistaken for good pricing, the gap between what a policy costs and what it might one day need to pay quietly widens. Gallagher’s Q1 2026 cyber market outlook flagged AI-enabled deepfake fraud - now within reach of unsophisticated criminals - alongside supply chain vulnerabilities and a new wave of triple-extortion ransomware as features of the current environment, not hypothetical futures.
The window of affordable, well-structured cyber cover that exists right now will not stay open indefinitely. The clients who are not yet buying are the most exposed and the brokers who did not make the case while pricing was in their client’s favour will be the ones answering difficult questions when the market corrects. The reset won’t announce itself in advance. But the brokers who act as though it might are the ones who will be glad they did.
