The US cyber insurance market is flush with capacity, artificially low pricing, and a wave of new entrants chasing market share. But beneath the soft conditions, a far more dangerous threat landscape is taking shape. Joe Erle, cyber group practice leader at C3 Insurance, has a clear-eyed view of where the market stands today and where it is inevitably headed.
"The state of the market today is a very easy market to work with lots of new entrants and lots of companies competing for business on the cyber insurance side," Erle said. "Basically, there are so many companies with so much VC money that prices are artificially low. I don't think the pricing is based on claims per se; I think it's based more on what they can afford to write in order to grab market share."
The result is a market where underwriting scrutiny has softened alongside premiums. Applications move faster, fewer questions get asked, and carriers are leaning on volume rather than precision. For brokers, it is a favorable environment in the short term. The longer-term question is whether that pricing holds once claims catch up.
If the soft market represents a short-term challenge, the evolution of cyberattacks represents something more enduring. Erle pointed to the high-profile 2024 Arup case, in which an employee was deceived into authorizing five wire transfers of $5 million each to fraudsters impersonating the company's CFO and other executives on a fabricated video call, as a clear warning to the entire industry.
"They thought they were on a call with the CFO and the rest of the team, but it was all deepfakes. So, it's definitely happening out there," Erle said.
But Erle believes financial fraud is only the beginning. The more corrosive long-term threat, he argues, is reputational. Deepfake video and audio of company executives, once released on social media, can spread faster than any correction the company can issue.
"I think we're going to see a lot of reputational risks with deepfakes, more than even people trying to steal money," he said. "It's easy for individuals to put something out on Twitter or on any social media platform where it looks like the CFO is saying something and then it gets shared so many times that people don't even know if it's real or not by the end, even if the company comes out with a statement saying it was a deepfake."
For brokers, that shift has direct implications. Reputational harm coverage is no longer a niche consideration; it is becoming a core exposure conversation for any client with public-facing leadership. Advisors who want to stay current on emerging cyber liability trends for US business clients will need to build deepfake risk into their standard client consultations.
In a crowded market, the insurers gaining ground are not simply underpricing their competitors; they are out-thinking them. According to Erle, the winning carriers are layering technology into the underwriting process, moving well beyond self-reported applications to build a more complete picture of a client's actual risk posture.
"The good companies are utilizing technology to verify what's on the application," he said. "They're using outside-in scans, information from big data, and in some cases additional data that is either proprietary or comes from vendors they work with, all to create a bigger underwriting picture."
Some are going a step further, bundling cybersecurity tools directly into their policies. Carriers such as Cowbell and At-Bay have begun incentivizing policyholders to adopt stronger security controls, offering higher limits or better terms in exchange for improved email filtering and endpoint detection. It is a model that aligns insurer and insured interests in a way that pure price competition cannot. For brokers tracking the latest news and analysis in US cyber insurance, that kind of value-added underwriting is fast becoming the standard to watch.
Erle is direct about what today's market demands from brokers. The job is no longer just placement; it is pre-placement consultation, something closer in practice to a cybersecurity assessment.
"The agent's first job is to find out where the company is, just like when a cybersecurity consultant goes in and assesses where someone is in terms of their cybersecurity maturity," he said. "We go in and find out where they are in their cybersecurity insurability."
That means asking hard questions before an application is ever submitted: whether a client has endpoint detection and response in place, whether email filtering meets carrier thresholds, and whether gaps in security posture can be closed before quoting begins. Simply having an endpoint detection system in place, Erle noted, can meaningfully lower a client's premium. For agents navigating the growing complexity of commercial cyber placements across the US market, those pre-submission conversations are now table stakes.
On the AI front, Erle did not mince words. He cited a statistic indicating that phishing attacks surged roughly 1,248% following the rise of large language models, a figure he recalled from a report published approximately two years ago. The threat is no longer hypothetical.
"AI has completely redrawn the threat landscape. Every employee opening ChatGPT on a work laptop without a policy in place is creating exposure you can't see and can't control. Creating an AI Acceptable Use Policy is step one. Making sure it's enforced is the part that actually keeps you off the front page," he said.