
Cyber Insurance Statistics for 2026


June 1, 2026


The global cyber insurance market is projected to reach around $15.6 billion in premiums in 2025 and $16.4 billion in 2026, according to Swiss Re, a sharp slowdown from the 30%-plus annual growth recorded between 2017 and 2022. Ransomware still drives 60% of large cyber claims by value, per Allianz Commercial's 2025 cyber risk update, even as overall claim severity dropped roughly 50% in the first half of 2025. Rates that softened for two straight years are now expected to climb 15% to 20% in 2026, according to S&P Global Ratings. For IT and security leaders, the headline is simple: insurance is getting cheaper for buyers in 2025, more selective at underwriting, and more demanding on technical controls.

Key cyber insurance statistics at a glance

  • Premiums in 2025: Global cyber insurance premiums reached an estimated $15.6 billion in 2025 and are projected to rise to $16.4 billion in 2026 (Swiss Re).
  • Rates rising again: S&P Global Ratings forecasts a 15% to 20% increase in cyber insurance pricing in 2026 after rates fell 22% from their 2022 peak (S&P Global Ratings).
  • Ransomware dominates loss costs: Ransomware accounts for 60% of the value of large cyber claims (those over EUR 1 million), per Allianz Commercial.
  • Claim severity is falling: Allianz Commercial reports a 50% decline in cyber claim severity in the first half of 2025 and a 30% drop in large-loss frequency, driven by faster detection and response (Allianz Commercial).
  • Data theft is now embedded in most ransomware: Data exfiltration was a factor in 40% of large cyber claims in H1 2025, up from 25% across all of 2024 (Allianz Commercial).
  • Breach costs trended down: The global average cost of a data breach fell 9% to $4.44 million in 2025, while US breaches averaged $10.22 million (IBM Cost of a Data Breach Report 2025).
  • SMB uptake is climbing: 71% of small and mid-sized businesses now carry some form of cyber insurance, although smaller firms remain less covered, per the Hiscox Cyber Readiness Report 2025.
  • MFA is now table stakes: 99% of cyber insurance applications include specific questions about MFA implementation, according to Marsh.
  • ROI is real: Howden estimates a 19% ten-year ROI on cyber insurance for a EUR 500 million-revenue firm that experiences claims (Howden).
  • Resilience tracks coverage: Cyber insurance and cybersecurity spending are increasingly intertwined as organizations face surging AI-driven threats and supply chain risk (World Economic Forum Global Cybersecurity Outlook 2026).

Cyber insurance market size and growth in 2026

Cyber insurance is one of the fastest-growing lines of property and casualty business in the world, but its trajectory has flattened sharply. Swiss Re projects global cyber premiums of about $15.6 billion in 2025 and $16.4 billion in 2026, with a five-year CAGR cut to roughly 5%. That is well below the 31% CAGR the sector recorded between 2017 and 2022. North America still accounts for around 37% of global premiums, although Howden expects most of the next wave of growth to come from Europe, Latin America, and Asia.

Pricing tells the same story. Howden's 2025 cyber report shows global rates down 22% from the 2022 peak and around 6% lower in 2025 than in 2024. That trajectory is about to reverse. S&P Global Ratings expects premium increases of 15% to 20% in 2026, citing rising claim severity, growing data theft, and the cost of AI-driven attacks. Buyers who locked in long terms during the soft market of 2024 to 2025 will see noticeably higher renewal quotes through the back half of 2026.

Claim frequency, severity, and loss ratios

Even as cyberattacks intensify, insurers report that paid losses are stabilizing. Allianz Commercial analyzed claims in the first half of 2025 and found a 50% drop in average claim severity and a 30% decline in large-loss frequency. The insurer attributes this to two changes: larger companies are detecting and containing attacks earlier, and threat actors are increasingly shifting their attention to less mature mid-market targets where they expect a faster payday.

The early-detection effect is dramatic. Allianz reports that the cost of a ransomware attack that progresses to data theft and full encryption can be up to 1,000 times higher than an incident detected and contained at the initial-access stage. That math is now built into how underwriters price coverage. Carriers reward companies that can document working endpoint detection and response, 24/7 monitoring, and tested incident response playbooks.

Smaller incident counts do not mean every business is safer. Hiscox found that 59% of small and mid-sized companies suffered a cyberattack in the last 12 months, with 33% of breached SMEs hit with substantial regulatory fines. Forty-four percent reported direct losses from payment-diversion fraud, and 32% said employees experienced burnout after responding to an attack.

Claim frequency by attack type: ransomware, BEC, and business interruption

The mix of cyber claims has shifted twice in three years. Ransomware drove most of the loss-cost spike of 2020 to 2022. By 2025, ransomware still dominated the largest claims while business email compromise (BEC) became the single most common claim category by count.

On the severity side, Allianz Commercial reports that ransomware accounts for 60% of the value of large cyber claims (over EUR 1 million), with data theft and extortion making up most of the remaining 40%. Data exfiltration alone was a factor in 40% of large 2025 claims, up from 25% in 2024. Manufacturing remained the most-claimed sector in 2025, generating 33% of all large cyber claims, with professional services next at 18%.

On the frequency side, BEC and funds-transfer fraud now dominate. Insurers consistently report that email-based attacks generate the highest count of cyber claims, with average BEC losses in the tens of thousands of dollars per event. Business interruption has also become a more frequent loss driver as enterprises depend on a deeper stack of SaaS, cloud, and managed services. A single dependency outage can trigger contingent business interruption claims for hundreds of insureds at once, which is one reason Swiss Re continues to flag systemic risk as the single largest threat to cyber market profitability.

Coverage requirements: MFA, EDR, backups, and incident response

Underwriting is now a technical audit, not a questionnaire. Marsh's US cyber market update notes that 99% of cyber insurance applications in 2025 include specific MFA questions, and a similar share ask about endpoint detection and response (EDR), privileged access management, immutable backups, email security controls, and patching cadence. About three out of four major carriers now run external attack surface scans before binding coverage.

The bar keeps rising. Phishing-resistant MFA, often FIDO2 or hardware security keys, is increasingly favored over SMS-based MFA, especially for administrator and remote-access accounts. Endpoint coverage must include servers, with carriers demanding documented agent health rather than self-attested rollout. Backup requirements have tightened around immutability, offline copies, and tested restore procedures. Incident response retainers, once a nice-to-have, are now table stakes for organizations seeking sub-72-hour notification compliance.

These requirements connect directly to claim outcomes. Where MFA is missing or inconsistently enforced, denials follow. Cyber insurance buyers consistently report that under-documented or partially enforced controls are the leading reason a claim that should have paid does not. The takeaway for IT leaders is straightforward: getting a quote is now the easy part. Passing an underwriter's evidence test, and proving the same controls were active at the time of an incident, is what determines whether a policy actually pays.

War exclusions, silent cyber, and denied claims

Cyber insurance contracts changed substantially after the wave of state-linked attacks that followed Russia's 2022 invasion of Ukraine. Lloyd's of London now requires all standalone cyber policies to exclude losses from state-backed cyberattacks that significantly impair a state's security or function. Most major carriers globally have adopted equivalent language, ending years of ambiguity around so-called 'silent cyber' coverage embedded in property and general liability policies.

Buyers should not assume the new exclusions are theoretical. Attribution clauses give insurers meaningful discretion in declaring an incident state-backed, and reinsurance treaties reinforce these carve-outs further upstream. Combined with stricter underwriting, these clauses help explain why a non-trivial share of cyber claims now end in partial or full denial. Industry reporting points to denial rates approaching or exceeding 40% in some recent samples, with the most common drivers being missing or undocumented MFA, late notification under strict 48- to 72-hour windows, and lapses in patch management at the time of the incident.

SMB vs enterprise: a widening insurance gap

Cyber insurance penetration looks very different at the top and bottom of the market. Swiss Re estimates that 60% to 70% of large corporates with more than $1 billion in revenue buy cyber insurance, falling to 40% to 50% of mid-market firms, 10% to 20% of small businesses, and 5% to 10% of micro-enterprises. Hiscox's 2025 SME survey suggests uptake among small and mid-sized firms has improved to around 71%, helped by bundled cyber clauses in commercial policies and easier broker access.

The economics are different too. Smaller insureds pay lower premiums but face proportionally larger losses when a breach occurs, because they have fewer internal resources to absorb downtime, legal costs, and customer notifications. Hiscox found that more than four in ten breached SMEs (44%) suffered direct losses from payment-diversion fraud, and many struggled with reputational damage that lingered for months. The World Economic Forum's Global Cybersecurity Outlook 2026 warns that cyber incidents are now threatening the solvency of small businesses, not just disrupting them.

Emerging trends and what is new in 2026

Several shifts are reshaping cyber insurance heading into 2026:

  • AI risk is moving into policy language. The World Economic Forum's Global Cybersecurity Outlook 2026 highlights AI-driven threats as a top systemic risk for the year ahead, and underwriters are starting to ask about AI tool inventories, governance of model usage, and prompt-injection controls. Hiscox reports that 57% of SMEs say they have been hit by at least one attack tied to an AI-related vulnerability.
  • Data theft is the new ransomware. Allianz Commercial notes that data exfiltration appeared in 40% of large 2025 claims, up from 25% in 2024. Insureds are now spending more on notification, credit monitoring, and regulatory response than on extortion payments themselves.
  • Most ransom demands go unpaid. Industry data shows ransom demands climbing year over year while the share of organizations refusing to pay reaches record highs, evidence that backups, incident response retainers, and stricter board-level policies are reshaping the economics of extortion.
  • Premiums are turning upward. After two years of softening, S&P Global Ratings expects 15% to 20% rate increases in 2026, with the biggest hikes landing on insureds that cannot demonstrate strong technical controls.
  • Cyber-resilient companies are more insurable. Allianz Commercial estimates that cyber-insured companies have seen loss impacts rise by about 70% over four years, compared with 250% for uninsured peers. Howden puts the ten-year ROI of cyber coverage for a EUR 500 million-revenue firm at roughly 19%, assuming an average loss profile.
  • Breach costs are easing globally but rising in the US. The IBM Cost of a Data Breach Report 2025 puts the global average breach cost at $4.44 million, a 9% drop year over year, while the US average climbed to $10.22 million on the back of higher regulatory exposure and slower mean times to identify and contain.

For broader context on the trends above, see our ransomware statistics and data breach statistics roundups.

How swif.ai helps

swif.ai gives IT and security teams a single console to enforce device, identity, and compliance controls across the macOS, Windows, and Linux endpoints behind the numbers above. Explore swif.ai unified endpoint management to see how it works.