A cyber event comparable to a moderate property-catastrophe year could be enough to shift pricing, indicating that the next market turn may require less severity than previously assumed.
Howden Re’s Cygenesis: Origins of Cyber Market Cycles places that threshold at an event with a 10- to 18-year return period, suggesting that losses on the scale of a year such as 2008 in property catastrophe could prompt a response without requiring an extreme tail event.
Historical property-catastrophe loss years mapped against cyber industry loss curves indicate that current cyber catastrophe experience remains below levels typically associated with market dislocation. However, the structure of the cyber market leaves it sensitive to change.
The top 10 insurers account for around 40% of premium, while the top 10 reinsurers represent approximately 87% of capacity, creating conditions where adjustments in underwriting strategy or risk appetite could influence pricing.
This aligns with wider industry views that a systemic event, rather than incremental deterioration alone, would be required to reset expectations. Morningstar DBRS noted that the absence of a major cyber loss event since 2023 has allowed pricing to remain under pressure despite rising geopolitical risk.
The cyber market is now in its fourth consecutive year of rate softening, with capacity continuing to outpace demand. New entrants and alternative capital have added supply, while expected growth drivers have not developed at the anticipated pace.
Tower sizes contracted in 2021 and 2022 before stabilizing, while geographic diversification has progressed slowly. The United States remains dominant, with its share now expected to reach 65.4% of global premium by 2030, compared with earlier projections of 53.7%.
External market data points to the same direction of travel. Gallagher Re reported a -32% risk-adjusted rate change for cyber aggregate excess of loss contracts at the January 1, 2026 renewals, following continued softening in primary markets. Marsh data also showed a 7% decline in global cyber insurance rates in the second quarter of 2025.
Morningstar DBRS similarly reported rate reductions of about 30% in the US reinsurance market during the April 2026 renewal period, supported by stable loss experience and strong capacity.
While pricing remains under pressure, long-term growth expectations remain unchanged. Gallagher projects global cyber insurance premiums could reach $30–50 billion by 2030, up from $16–20 billion in 2025. Munich Re places the current market at about $15 billion, pointing to continued demand tied to digital risk exposure.
That demand is underpinned by a large protection gap. Industry estimates suggest only about 10% of cyber risk is insured, leaving significant room for expansion even under current pricing conditions.
Pricing behavior is also influenced by how losses emerge. Comparisons with D&O cycles show that pricing can continue to soften even when combined ratios exceed 100% for several years, due to delayed claims development.
Cyber risk is moving in a similar direction. A growing share of losses now comes from third-party exposures, including data breaches and liability claims, which take longer to develop than first-party ransomware losses. This can delay recognition of underwriting performance and extend soft conditions.
“The cyber market is maturing rapidly, but despite growing up quickly, cyber remains a relatively new class, which is why cycle analysis is so valuable. Cedents need to consider a broader range of outcomes, from shock events to gradual loss accumulation and delayed claims emergence. Today’s picture is more nuanced: margin deterioration is playing out alongside a shifting threat landscape and evolving loss composition, so the signals of the next turn will be more challenging to read. Cygenesis provides a framework to assess these dynamics and position portfolios accordingly,” said Luke Foord-Kelcey, global head of cyber at Howden Re.
Attack patterns are changing in ways that affect loss development. Data leak site activity increased by +458% from 2020 to 2025, while the proportion of victims paying extortion demands declined.
This indicates a move toward higher-frequency incidents with lower payment conversion, alongside increased third-party costs. Gallagher also noted a shift from encryption-based ransomware to data exfiltration and extortion, while supply chain attacks and non-breach privacy litigation are emerging sources of loss.
Artificial intelligence is adding to this environment. Munich Re found that 71% of executives now view AI as significantly relevant, with 63% expressing interest in insurance for AI-related risks. At the same time, AI-driven threats such as deepfakes and automated vulnerability discovery are increasing the scale and speed of attacks.
Macroeconomic conditions continue to influence pricing. Investment income accounts for approximately 75% of earnings for property and casualty insurers, linking underwriting performance to interest rate levels.
At investment returns of around 6%, insurers can sustain combined ratios of approximately 102–103% while maintaining returns on equity of 11–12%. Lower returns near 4% require stronger underwriting performance, with combined ratios closer to 96–97%.
Despite current soft pricing, profitability has remained stable. Morningstar DBRS estimates the cyber insurance sector recorded an average combined ratio of about 70% in 2024, supported by improved risk controls such as multi-factor authentication and offline backups.
Reinsurance continues to play a central role in managing cyber exposure. Alternative capital instruments, including insurance-linked securities and catastrophe bonds, are contributing to capacity and influencing pricing conditions.
At the same time, structural changes are taking place. Buyers have secured improved terms in recent renewals, including lower attachment points for aggregate excess of loss covers, while insurers adjust cession strategies in response to margin pressures.
There is also greater focus on accumulation and frequency risk, given the shift toward systemic exposures such as cloud outages and supply chain disruptions. Coalition has pointed to recent incidents affecting technology providers as examples of correlated risk across multiple insureds.
Pricing direction is likely to depend on the interaction of loss activity, capital availability, and claims development. Current conditions - strong capacity, stable loss experience, and improving risk management - have supported continued softening.
“Cyber occupies a distinctive place within the broader re/insurance cycle. As a young class, it remains more exposed to evolving, idiosyncratic risks - from changes in the threat landscape to shifts in loss composition - while at the same time being increasingly influenced by the same macroeconomic and capital dynamics that shape more established lines. Cygenesis highlights a framework in which these forces are not static; their relative importance changes over time, making the cycle inherently more complex and less linear. Rather than pointing to a single trigger, the framework is intended to help market participants interpret how loss development, capital conditions and external volatility interact, and to navigate a wider range of potential outcomes as a result,” said David Flandro, head of industry analysis and strategic advisory at Howden Re.
In that context, a moderate cyber loss event - rather than an extreme shock - remains a plausible catalyst for a change in market conditions.
