Cyber Insurance Loss Ratios Rise as Pricing Cuts Erode Premium Growth
The U.S. cyber insurance market is facing mounting losses and structural shifts as price declines outpace premium growth, according to AM Best.
The industry-wide cyber insurance loss ratio climbed to 53.0 in 2025, its highest level since the ransomware surge of the COVID era, as pricing continued to fall and claims shifted toward more complex, longer-tailed third-party incidents, AM Best reported.
Total cyber direct premiums written reached $7.5 billion in 2025, up from $7.1 billion in 2024, but that gain is largely attributable to one insurer moving a block of business from an offshore entity to a U.S.-domiciled company rather than organic market growth.
With the first quarter of 2026 marking the eighth consecutive quarter of pricing cuts, and the steepest declines occurring in the fourth quarter of 2025 and first quarter of 2026, AM Best warned that reversing the deteriorating loss ratio will be difficult as long as pricing remains under pressure.
A Market Splitting Into Two
AM Best described the U.S. cyber market as increasingly bifurcated, separating into two distinct segments: one dominated by surplus lines carriers writing primary and excess cyber-specific policies, and another market focused on endorsements to other commercial policies.
By policy count, endorsements dominate, accounting for more than 2.5 million of the roughly 4.7 million total cyber policies in force. By premium, however, over 60% of the total market comes from primary cyber policies, according to AM Best data. The average premium for a primary cyber policy was $2,287, compared with just $151 for endorsements.
Surplus lines carriers now hold nearly two-thirds of all cyber premium, a share that has grown steadily since 2021. While surplus lines carriers have historically shown lower paid loss ratios than admitted carriers, their incurred loss ratio reached 55.9 in 2025, compared with 50.2 for admitted carriers, suggesting losses in that segment are taking longer to settle.
“The gap is actually narrower than last year,” said Christopher Graham, senior industry analyst, AM Best. “But consecutive years of a higher incurred loss ratio suggest surplus lines carriers may be writing different business than admitted carriers— particularly business prone to a longer tail for which losses take longer to settle.”
Third-party cyber claims filed against surplus lines carriers rose nearly 40% in 2025, compared with 12% for admitted carriers and 30% across the entire market. AM Best noted that the paid-loss advantage surplus lines carriers currently enjoy may diminish as those third-party claims work their way through longer development cycles.
Chubb remained the largest U.S. cyber insurer by direct premiums written, growing 12% to $629.2 million in 2025. Beazley jumped to second place following its own business transfer from an offshore entity, reporting $571 million in DPW. AM Best noted that Zurich’s pending acquisition of Beazley would make Zurich the top cyber insurer based on 2025 DPW figures. By policy count, Hartford Insurance Group led all writers.
Emerging Threats Lengthen the Loss Tail
AM Best identified several emerging risk factors that could extend loss development timelines and increase aggregate exposure for insurers and uncertainty for the organizations they cover.
Coordinated threat actor campaigns have grown more sophisticated, with the report highlighting the combination of phone-spoofing expertise and deepfake technology to simulate calls from company executives, triggering fraudulent employee actions. These coordinated attacks, AM Best said, expand opportunities for threat actors while broadening exposure for cyber insurers.
Rising third-party claims have also fueled an increase in class action lawsuits. Legal firms are reportedly collecting breach data and contacting affected individuals, sometimes before those individuals are notified by the breached organization itself. AM Best flagged this trend as a potential driver of social inflation for cyber insurers.
Additionally, the report cited AI-enabled “hack now, decrypt later” strategies, in which threat actors steal encrypted data today with the intention of decrypting it in the future. This approach can delay the discovery of a breach’s full impact, extending loss development further.
Regulatory requirements are also expanding, the report said.
The New York Department of Financial Services updated its third-party service provider guidance in October 2025, requiring senior leadership to actively oversee cybersecurity risk management. AM Best noted that insureds failing to meet those requirements could expose their insurers to additional third-party risk.
Federal reporting obligations under the Cyber Incident Reporting for Critical Infrastructure Act, passed in 2022, add another layer of compliance pressure for covered entities.
Obtain the full report here. &