Technology thesis · Cybersecurity
medium conviction growth
Cyber insurance
Cyber insurance is a $15-17B GWP market shaped by exclusions, not coverage – Lloyd's state-backed cyber war exclusion in force since March 2023 is the defining structural feature, and SMB loss ratios will widen against enterprise through 2027 as AI-augmented attacker tooling reduces target acquisition cost.
Position maintained continuously · last reviewed Jun 3, 2026
The thesis
The market is defined by exclusions, not by claims-handling - Lloyd's state-backed cyber war
Cyber insurance is structurally unusual in casualty insurance because the largest single risk category - state-sponsored cyber operations - is explicitly excluded. Lloyd's Market Bulletin Y5381, issued August 2022 and effective 31 March 2023, requires all standalone cyber policies placed through the Lloyd's market to include exclusions for losses arising from state-backed cyber operations. The LMA5567A/B model clauses operationalise this via the 'Impacted State' definition - requiring 'major detrimental impact on essential services or national security' for exclusion to bind, and limiting exclusion to systems physically located in the impacted state. The exclusion was a direct response to NotPetya-era litigation where insurers tried to invoke generic war exclusions for state-attributed cyber attacks and ambiguous language tended to favour policyholders in court. The structural read: cyber insurance covers everything except the largest sovereign risks, putting the catastrophic-risk tail back on the insured (or on government / public-sector backstops). The 2024 CrowdStrike Falcon update outage and CDK Global ransomware - both structurally non-state events - stress-tested aggregation models within the covered category, but the truly catastrophic state-backed tail remains underwriter-excluded.
State of the art (2026)
Cyber insurance enters 2026 as a maturing ~$16.4B GWP market (Swiss Re) defined more by what it excludes than what it pays. Lloyd's LMA5567A/B state-backed cyber war exclusion, in force since 31 March 2023, remains the structural fault line and is still largely untested in court. Growth has cooled - Swiss Re trimmed its CAGR to 5%, against Munich Re's more bullish ~$28B-by-2030 view. The defining 2026 move is consolidation around AI-native underwriting: Coalition's May 2026 agreement to take over Allianz Commercial's global cyber book makes the insurtech model the default rather than the challenger. Ransomware remains the dominant loss driver, with SMB loss ratios the segment to watch as attacker tooling cheapens.
Ransomware is the dominant loss category and is growing again
Munich Re's Cyber Insurance Risks and Trends 2026 ranks ransomware as the top driver of insured losses, ahead of data breach, business email compromise (BEC) and DDoS – with business interruption, not the ransom payment itself, the largest component of paid claims. Publicly reported ransomware attacks rose by nearly 50% in 2025; leak-site trackers logged roughly 7,300–7,500 named victims against about 4,750 in 2024. The structural read: the 2022–2023 narrative that improved hygiene plus law-enforcement disruption (the February 2024 LockBit takedown) had broken the curve has been falsified. Operators rebuilt through new and re-formed groups (Akira, Qilin, RansomHub, SafePay, Play) and ransomware-as-a-service, and AI-assisted tooling is compounding volume. Note the nuance: in Munich Re's 2026 executive risk-perception survey, fraud and phishing overtook ransomware as the most-cited concern even as ransomware remains the largest realised insured loss. Underwriting through 2026–2028 has to price this reversal, sustaining upward loss pressure in ransomware-exposed sectors (healthcare, manufacturing, professional services, government) even as headline rates soften.
AI-driven underwriting + claims handling is the 2026-2027 productivity driver
Cyber underwriting historically depended on lengthy questionnaires (300+ questions for large risks) and slow human review. AI-driven underwriting - using continuous external attack-surface scanning, vulnerability-data feeds (Shodan, BitSight, SecurityScorecard), and ML-based risk scoring - is moving from pilot to majority adoption across major writers through 2026-2027. Coalition, At-Bay, Resilience, and Cowbell pioneered the AI-native underwriting model; the major incumbents (Chubb, AIG, Allianz, Zurich) are now investing or acquiring to catch up. AI-driven claims handling - automated initial claims triage, AI-assisted forensics, and faster business-interruption-loss quantification - is the second productivity lever. The structural read: AI-driven cyber underwriting and claims compress the loss-adjustment expense ratio meaningfully and let writers price risk faster, which is a competitive advantage as the market grows. Expect 2027 industry-survey data to show majority adoption.