Cyber insurance is approaching a pivotal transition as carriers, brokers, and policyholders confront mounting claims costs, evolving ransomware tactics, and the accelerating influence of artificial intelligence. Nadia N. Hoyte (pictured), partner - national practice cyber leader at USI Insurance Services, said the market is no longer operating on sustainable assumptions around pricing, underwriting, and exposure assessment.
Rather than viewing the current environment as a correction, Hoyte said the sector is entering a new cycle that could ultimately create greater long-term stability. Claims severity and duration are increasingly outpacing premiums, while large breach-related litigation continues to influence how insurers evaluate long-tail exposure.
“The current pricing cannot be maintained in a space with this volume of claims,” Hoyte said. “Some claims with long tails are a growing concern.”
The result, she said, is growing pressure on the industry to rethink how cyber risks are categorized, underwritten, and serviced. Broad underwriting approaches that rely heavily on revenue bands or standardized application forms are becoming less effective as claims patterns diverge across industries.
Hoyte said cyber exposures now vary significantly between sectors such as healthcare, retail, construction, and manufacturing, requiring more nuanced underwriting and advisory practices. While she does not believe the market needed entirely separate cyber products for every industry, she said insurers and brokers needed to better align coverage structures with operational realities.
“We can’t keep writing cyber in the same way,” Hoyte said. “We need underwriting that’s more focused around specific industries.”
That shift is also expected to change expectations for brokers. Hoyte said brokers increasingly need to function as cyber risk advisors with a stronger understanding of technical controls, governance, and sector-specific exposures. Generalist approaches, she said, may become increasingly difficult to sustain as cyber threats evolve.
“Not all brokers should be selling cyber,” Hoyte said. “There is going to need to be a better understanding and a greater comfort level around technical controls and governance.”
Static application forms and binary underwriting questions often fail to capture how organizations actually use technology, according to Hoyte. She pointed to examples such as pixel tracking technologies, where the same tool can create very different exposures depending on how data is collected, connected, and stored.
“You can’t accept that the normal case is the normal case,” Hoyte said. “Each case has to be treated with a client-specific understanding.”
She added that many organizations still struggle to articulate their own cyber risk tolerance or operational exposure. Brokers therefore have an expanding role in helping clients understand cyber terminology, prioritize vulnerabilities internally, and communicate those risks effectively to insurers.
The same advisory gap appears in ransomware and social engineering exposures. While awareness of cyber threats has increased significantly, Hoyte said many organizations still fail to internalize how vulnerable they remain.
“People understand the concept, but there’s still a thought that ‘all they’re going to do is lock me out and then give me a ransom,’” Hoyte said.
Organizations that choose not to pay ransom demands may still face substantial operational disruption, legal costs, and recovery expenses. Hoyte said insurers and brokers need to have more direct conversations with policyholders about the broader financial implications tied to ransomware events.
Artificial intelligence is adding another layer of urgency to the cyber market’s evolution. While much of the public discussion focuses on attackers and defenders using AI tools, Hoyte said the industry also needs to pay closer attention to how policyholders themselves are deploying AI solutions. “Attackers and defenders are going to use AI, and that is a mainstay,” Hoyte said. “What often doesn’t get discussed enough is the need to place greater focus on the actual solutions policyholders are using.”
Underwriters, she said, need to understand both the intended use of AI systems and the potential vulnerabilities those systems introduce. That includes evaluating policy language more carefully and assessing how attackers could exploit the same AI-enabled platforms organizations rely upon internally.
Hoyte said the pace at which cybercriminals can exploit vulnerabilities has accelerated dramatically. Previously, threat actors often required weeks or months to operationalize newly identified common vulnerabilities and exposures, or CVEs. Increasing automation and AI-assisted analysis are shortening that timeline substantially. “Now we’re at a point where it’s hours; it will soon be minutes,” Hoyte said.
That acceleration is likely to place additional pressure on underwriting models, incident response planning, and risk management practices. Hoyte said the industry needs to categorize AI solutions more effectively to understand how different applications contribute to both defense capabilities and emerging exposures.
Beyond commercial insurance, Hoyte also sees significant development opportunities emerging in personal lines cyber coverage, particularly among small business owners and high-net-worth individuals whose personal and business technology environments increasingly overlap.
She pointed to common household scenarios where business operations, gaming systems, guests, and personal devices all share the same wireless network without segmentation. Social media-driven marketing arrangements also create exposures that many small business owners have not fully evaluated.
“There is an entire exposure there that has not yet been fully realized,” Hoyte said.
While some insurers are beginning to develop products targeting those risks, Hoyte said education and active risk management will remain essential. Rather than offering passive protection, she expects personal cyber coverage to evolve toward more proactive engagement models that include risk controls, ongoing guidance, and individualized mitigation expectations.
“There is a lot of space and growth in that area,” Hoyte said. “It’s going to be a target for development in the coming months and years.”
