Cyber insurance premiums in the United States have dropped by an average of 5%, according to broker Marsh’s latest market update. On the surface, that looks like good news for risk managers. Read the policy terms and the picture changes.
Insurers are pulling back on what they will actually pay for. Social engineering losses, employee-initiated fraud and a broadening category of “insider action” are appearing as exclusions or sub-limits in renewed policies, according to the US Government Accountability Office’s analysis of cyber insurance market conditions. The GAO noted that insurers have tightened policy terms and conditions specifically to reduce unexpected losses from cyberattacks. A lower premium that covers less is not necessarily a better deal.
The tension here is real: courts in the United States are simultaneously moving in the opposite direction. Law firm Wiley’s analysis of 2026 cyber insurance predictions notes that courts are broadening coverage for social engineering and funds transfer fraud, in some cases overriding policy exclusion language that insurers believed was settled. The result is a market where insurers are writing tighter contracts and courts are unpicking them, which is good for policyholders in litigation and bad for everyone trying to understand what they actually own before an incident occurs.
Reinsurance Is Quietly Running the Market
The rate environment is not simply a product of competition between primary insurers. Munich Re’s 2026 cyber insurance trends report identifies reinsurance capacity as the structural variable that determines how aggressively the primary market can price. When reinsurers absorb systemic risk events, primary insurers can afford to compete on price. When reinsurers pull back, the entire market tightens regardless of what any individual insurer wants to offer.
Fitch Ratings flagged in April 2026 that US cyber insurance growth is raising underwriting risk across the sector. The concern is not the current loss ratio but the accumulation problem: a single large-scale incident affecting cloud infrastructure, widely used software or payment systems could generate correlated losses across thousands of policyholders simultaneously. That is the scenario reinsurers price for, and it is why the market’s current generosity has limits.
Gallagher’s 2026 cyber insurance market outlook puts it plainly. The favorable conditions in 2025 reflect a relatively benign claims period, not a structural reduction in cyber risk. One major systemic event changes the arithmetic quickly.
What the Exclusion Creep Means in Practice
Social engineering fraud is where the gap between what companies believe they are covered for and what policies actually say tends to be largest. An employee who transfers funds following a convincing impersonation of a supplier or executive is not, in many current policies, triggering a cyber loss. It may fall under a crime policy, a fidelity bond or nothing at all, depending on how the organization’s coverage was structured.
This matters because Scattered Spider, the group widely linked to the spring 2025 Marks and Spencer breach, built its methodology around exactly that type of social engineering. The M&S attack began with a phone call to a third-party helpdesk. The initial access involved no malware and no exploit, just a convincing impersonation that led to a password reset. Whether that initial access event would trigger a cyber policy, a crime policy or both depends entirely on policy language that most policyholders have not read carefully.
WTW’s 2026 cyber risk outlook recommends that organizations conduct a formal coverage gap analysis before renewal, mapping their actual threat exposure against each exclusion and sub-limit in the current policy. That is advice most brokers have been giving for years. The difference now is that the exclusion language is moving faster than most companies’ renewal cycles.
Before the Next Renewal
Three things worth doing before signing the next policy:
- Read the exclusions section in full, not just the coverage summary. Social engineering, employee action and “voluntary” fund transfers are the categories where language has shifted most. If your broker cannot explain each exclusion in plain terms, that is a problem with the broker.
- Check whether your security controls documentation matches what you told the insurer at application. Insurers are increasingly treating misrepresentation of security posture as grounds to deny claims. If you stated that MFA was deployed across all remote access and it was not, expect a fight at claim time.
- Ask specifically about war and state-sponsored attack exclusions. Several major insurers inserted or expanded these clauses following the NotPetya dispute between Merck and its insurers which ran through US courts for years before a ruling in Merck’s favor in 2023. The language varies significantly between insurers and is not standardized.
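The second item above, keeping the attested security posture consistent with reality, is the one that can be automated. What follows is an added example, not code from the article or from any insurer or broker: it reconciles a small set of hypothetical questionnaire answers (the attestation keys, the inventory, and the backup status are all constructed for illustration) against an asset inventory and returns every claim the inventory contradicts, with the offending assets as evidence. The same pattern scales to whatever the real questionnaire asks, as long as each answer can be expressed as a predicate over the inventory.

```python
"""Reconcile cyber-insurance application attestations against a control inventory.

Added example. The questionnaire keys, endpoints and backup data below are
constructed for illustration and do not describe any real insurer's form or
any real organisation's systems.
"""
from dataclasses import dataclass
from typing import Callable


@dataclass(frozen=True)
class RemoteAccessEndpoint:
    name: str
    kind: str          # "vpn", "rdp", "vdi" or "saas-admin"
    mfa_enforced: bool  # MFA required for every login, no break-glass bypass
    exposed: bool       # reachable from the internet


@dataclass(frozen=True)
class Finding:
    claim: str             # questionnaire item that does not match reality
    attested: bool         # what the application said
    observed: bool         # what the inventory shows
    evidence: tuple[str, ...]  # assets or facts that contradict the claim


# Constructed: answers given on a hypothetical renewal questionnaire.
ATTESTATIONS = {
    "mfa_all_remote_access": True,
    "no_internet_exposed_rdp": True,
    "offline_backups_tested": True,
}

# Constructed: asset inventory export. A forgotten RDP gateway without MFA is
# the classic discrepancy that surfaces at claim time.
INVENTORY = [
    RemoteAccessEndpoint("corp-vpn", "vpn", mfa_enforced=True, exposed=True),
    RemoteAccessEndpoint("legacy-rdp-gw", "rdp", mfa_enforced=False, exposed=True),
    RemoteAccessEndpoint("vdi-pool", "vdi", mfa_enforced=True, exposed=True),
    RemoteAccessEndpoint("m365-admin", "saas-admin", mfa_enforced=True, exposed=True),
]

# Constructed: backup posture summary.
BACKUP_STATUS = {"offline_copy": True, "last_restore_test_days": 30}


def check_mfa_all_remote_access(inventory, backup_status):
    """Every internet-reachable remote access path must enforce MFA."""
    offenders = tuple(e.name for e in inventory if e.exposed and not e.mfa_enforced)
    return not offenders, offenders


def check_no_internet_exposed_rdp(inventory, backup_status):
    """No RDP endpoint may be reachable from the internet, MFA or not."""
    offenders = tuple(e.name for e in inventory if e.kind == "rdp" and e.exposed)
    return not offenders, offenders


def check_offline_backups_tested(inventory, backup_status, max_age_days=90):
    """An offline copy exists and a restore was tested recently."""
    age = backup_status["last_restore_test_days"]
    ok = backup_status["offline_copy"] and age <= max_age_days
    evidence = () if ok else (f"last restore test {age} days ago",)
    return ok, evidence


# Map each questionnaire item to the predicate that verifies it.
CHECKS: dict[str, Callable] = {
    "mfa_all_remote_access": check_mfa_all_remote_access,
    "no_internet_exposed_rdp": check_no_internet_exposed_rdp,
    "offline_backups_tested": check_offline_backups_tested,
}


def reconcile(attestations, inventory, backup_status, checks=CHECKS):
    """Return a Finding for every attested answer the inventory contradicts."""
    findings = []
    for claim, attested in attestations.items():
        observed, evidence = checks[claim](inventory, backup_status)
        if attested != observed:
            findings.append(Finding(claim, attested, observed, evidence))
    return findings


if __name__ == "__main__":
    for f in reconcile(ATTESTATIONS, INVENTORY, BACKUP_STATUS):
        print(f"MISMATCH {f.claim}: attested={f.attested} observed={f.observed} "
              f"evidence={', '.join(f.evidence)}")
```

Run against the constructed data, the script reports two mismatches, both caused by the legacy RDP gateway; the backup attestation holds. The point is the shape of the check, not the specific rules: each line item on the application becomes a function over the inventory, so the answer you sign can be regenerated from evidence rather than remembered.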
The 5% rate drop is real. So is the fine print. Treat them as separate questions.
References
- Dark Reading: Cyber Insurance Rates Are Dropping, but Exclusions Widen
- US GAO: Rising Cyberthreats Increase Cyber Insurance Premiums While Reducing Availability
- Marsh: US Cyber Insurance Market Update
- Wiley: 7 Predictions For Cyber Risk And Insurance In 2026
- WTW: Cyber Risk – A Look Ahead to 2026
- Munich Re: Cyber Insurance Risks and Trends 2026
- Gallagher: 2026 Cyber Insurance Market Outlook
- Fitch Ratings: US Cyber Insurance Growth Raises Underwriting Risk