Everyone Thinks Cyber Insurance Is Collapsing. The Truth Is Stranger, and the Real Story Is AI.

If you read the headlines, you would assume cyber liability insurance is in a death spiral. Every week brings another breach, another ransomware payout, another company name dragged through the news. The reasonable assumption is that carriers are fleeing, premiums are exploding, and coverage is drying up.

The reasonable assumption is wrong.

Cyber insurance right now is cheaper, more available, and more competitive than it has been in years. That is not a typo. The same period that produced record attacks also produced one of the softest buyer’s markets the line has ever seen. But underneath that good news, a much more important shift is happening, and it has almost nothing to do with ransomware. It has to do with artificial intelligence, and most business owners will not notice it until it is too late, because it is happening quietly, at renewal, in the endorsements nobody reads.

Let me walk you through what is actually going on.

The Market Is Growing, Not Dying

Start with the part that surprises people most: more businesses are buying cyber coverage every year, not fewer. Global cyber premiums rose roughly 7% in 2025 to about $15.3 billion, and analysts expect the market to double by 2030.¹ Other forecasts put the line on a path toward $29 billion by 2027.² The growth runway is widest among small and mid-sized businesses, exactly the companies that used to assume they were too small to be a target.

So why are prices falling if attacks are rising? Because the line has been profitable, and profit attracts competition. Cyber loss ratios ran between roughly 40% and 50% from 2022 through 2024, and one analysis estimated the industry pulled in around $9 billion in underwriting profit over that stretch.^{3 4} That kind of result does not scare carriers away. It pulls them in. More carriers and managing general agents flooded into the segment, and that competition, combined with a stretch of less severe losses, drove rates down.⁵

The result is a genuine buyer’s market. Rates have now seen eleven-plus consecutive quarters of negative change, and one forecast expects average premiums to fall by roughly another 11% in 2026.^{3 6} Capacity is described as plentiful, with new facilities standing ready to deploy significant limits.⁷ If your renewal came in flat or down, you were not getting a special favor. That is just the market.

But the Easy Discounts Are Ending

Do not get too comfortable. The market is showing the first signs of bottoming out. Loss ratios are creeping up. Beazley, one of the carriers that reports cyber results separately, posted a 48.5% loss ratio through the first half of 2025, and 2024 was the first year that overall U.S. cyber written premiums actually declined.³ Howden’s data shows the market down about 27% from its 2022 pricing peak.⁴ Early 2026 indicators point to a deceleration in the rate of softening rather than a hard turn, but the trajectory is clear: prices have nearly hit the floor.⁸

The claims picture is shifting too. Ransomware remains the dominant driver of severity, with some events now exceeding a billion dollars.⁸ But by frequency, business email compromise and funds transfer fraud now drive around 60% of claims, and data-theft-only attacks are rising sharply as criminals skip encryption and simply steal.⁹ Most cyber claims are first-party losses, and contrary to the headlines, the majority of incidents hit small companies, not the corporate giants in the news.^{10 9}

The practical takeaway for this section is simple. If your cyber renewal jumps more than about 15% without a loss behind it, that increase is worth challenging. In a market this competitive, it is usually worth having a broker re-market the policy across multiple carriers rather than accepting the number in front of you.¹¹

The Real Story: The Great AI Unbundling

Here is the shift that matters more than any rate movement, and the one that will catch businesses off guard.

The insurance industry learned a painful lesson during the “silent cyber” era from roughly 2015 to 2023, when standard policies ended up covering cyber losses they were never designed or priced to handle.¹² Carriers swore they would never let that happen again. Now they are applying that exact lesson to artificial intelligence, and they are moving fast.

In January 2026, the Insurance Services Office, which writes the standardized policy language most U.S. commercial insurers rely on, released three optional endorsements that let carriers carve generative AI out of a commercial general liability policy.¹³ They are modular by design:

• CG 40 47 is the broad version. It strips coverage for bodily injury, property damage, and personal and advertising injury arising out of generative AI, hitting both Coverage A and Coverage B.¹³
• CG 40 48 is narrower, removing only personal and advertising injury under Coverage B, the slice where defamation and intellectual-property lawsuits over AI content tend to land.¹³
• CG 35 08 targets products and completed operations, for AI baked into something the business delivers.¹³

The definition driving all three is deliberately sweeping. It defines generative AI at the system level: if a model trained on data can produce text, images, audio, video, or code, it falls inside the exclusion.¹⁴ The forms are technically optional, but adoption is expected to be near-universal by the end of 2026.¹³

And this is not just a general-liability story. Major carriers are pushing AI out of management and professional lines entirely. W.R. Berkley filed what the market calls an “absolute” AI exclusion across directors and officers, errors and omissions, and fiduciary lines. Hamilton uses comparable language.¹⁴ Berkshire Hathaway, Chubb, and Travelers secured state regulatory approval to strip AI-related damages from standard liability policies, and regulators approved more than 80% of those requests, with Florida, Connecticut, and Maryland approving the most.¹⁵

A Gallagher Re study put the problem bluntly: the pace of AI adoption has outrun the insurance industry’s ability to underwrite it, leaving a growing class of uninsured liabilities, and the market is not merely lagging AI risk, it is actively retreating from it.¹⁶ When underwriters cannot price a risk, they exclude it.

Cyber Is the Exception, With a Few Catches

Now for the good news, and the part that directly answers the question I get most: is cyber insurance excluding AI, or covering it?

For now, cyber is largely covering it. While general liability, D&O, and E&O are carving AI out, cyber is one of the few lines reinforcing coverage rather than retreating from it.¹⁷ Most cyber carriers are affirming coverage for AI-driven attacks, and the industry’s posture has been calm. As one analysis summarized it, cyber insurers are not panicking over AI; they are signaling that they anticipated it and that coverage remains in effect.¹⁸ The logic is sound: AI mostly amplifies existing cyber exposures rather than inventing brand-new ones. An employee dumping sensitive client data into a public AI tool is still an unauthorized disclosure, which is still a covered breach.¹⁷

But there are catches, and they are worth watching at your renewal:

• Some carriers have begun adding narrow exclusions for “shadow AI,” meaning unauthorized or untracked AI use by employees.⁹
• As of January 1, 2026, a number of carriers began explicitly excluding AI-generated deepfake fraud from standard social engineering coverage, which is a real and growing exposure.¹⁹
• There is reporting that some insurers are moving to cap AI-related losses inside cyber policies rather than exclude them outright.¹⁵

So cyber keeps the door open, but the door is getting narrower in specific corners. The exact wording matters.

Where AI Claims Are Actually Being Written: Tech E&O

If the question is “where can a business actually buy real, affirmative coverage for AI going wrong,” the answer increasingly is technology errors and omissions, the line that covers professional and product failures.

A genuine affirmative-AI market is forming there. Several carriers now explicitly name AI exposures in or alongside tech E&O, covering things like model hallucinations, algorithmic bias, intellectual-property infringement from training data, and even regulatory investigations, replacing ambiguous “silent” coverage with language that says yes out loud.^{20 21} One carrier added affirmative coverage for data poisoning, where attackers corrupt a data set rather than steal or encrypt it.²² At Lloyd’s, affirmative AI cover already exists and is being written now, with the companies that secure it early getting the best terms.²⁴

But here is the trap, and it is the same line of business. Tech E&O is both the best place to find AI coverage and the place where some of the broadest exclusions live. The same W.R. Berkley and Hamilton “absolute” exclusions that hit D&O and fiduciary also appear in E&O.^{14 25} So whether your E&O policy says yes or no to an AI claim comes down entirely to the endorsements attached to your specific policy, with your specific carrier, on your specific renewal date.²⁶

There is also a geography angle worth knowing. U.S. carriers are out front filing AI exclusions, while the London market has not followed yet and is still researching, which means more favorable terms may still be available in some markets.²⁴

When underwriters cannot price a risk, they exclude it.

What This Means for You

Strip away the jargon and here is the situation in plain terms.

Cyber insurance is bigger, cheaper, and more competitive than it has been in years, which is the opposite of what the breach headlines would have you believe. The risk is no longer that you cannot get coverage. The risk is that AI exposure is quietly being unbundled from your other policies and pushed onto cyber and tech E&O, and that the carve-outs are landing in endorsements most business owners never read.

A few concrete steps before your next renewal:

1. Re-market anything that jumped. A cyber increase above roughly 15% with no loss behind it is worth shopping in this market.¹¹
2. Read the endorsements, not the summary. Specifically look for endorsement forms CG 40 47, CG 40 48, and CG 35 08 on your general liability, and any “absolute” AI exclusion language on your D&O and E&O.^{13 14}
3. Ask your broker three direct questions. Does my cyber policy affirm coverage for AI-driven attacks? Has a shadow-AI or deepfake social-engineering exclusion been added? Is affirmative AI coverage available through tech E&O for the way my business actually uses AI?
4. Treat AI governance as an underwriting requirement. Carriers are increasingly attaching AI security riders that require documented controls, model testing, and incident response plans before they will grant expanded coverage.¹⁹ This is the same control-based underwriting that made multi-factor authentication mandatory for cyber a few years ago.

The businesses that get hurt here will not be the ones that got hacked. They will be the ones that assumed their coverage looked the same as last year, signed the renewal, and never noticed the one endorsement that changed everything.

Where Hendrickson Insurance Fits In

Hendrickson Insurance is an independent Gulf Coast Florida agency — based in Sarasota and serving business owners across Bradenton, Tampa, St. Petersburg, Clearwater, Venice, and Lakewood Ranch. We build cyber, tech E&O, AI liability, and management-line programs that account for how modern businesses actually operate — not how the boilerplate policy assumes they do.

If you have not read your last cyber, GL, D&O, or E&O endorsement page-by-page, that is exactly the conversation we should be having. Book a free coverage review — it costs nothing, and you’ll know exactly which endorsements you are signing before they take effect.

Better to find the gap now than in the claim.

References

1. Beinsure, “2026 Outlook for Global Cyber Insurance Segment.” beinsure.com
2. Security.org, “Cyber Insurance Statistics and Data for 2026.” security.org
3. American Academy of Actuaries, “Cyber Insurance Nears an Inflection Point.” actuary.org
4. Cyber Insurance News, “Cyber Insurance Market Down 27% Since 2022: Howden Flags Pivotal 2026.” cyberinsurancenews.org
5. Dark Reading, “CISOs Face a Tighter Insurance Market in 2026.” darkreading.com
6. SentinelOne, “30 Cyber Insurance Statistics for 2026.” sentinelone.com
7. WTW, “Insurance Marketplace Realities 2026 — Cyber Risk.” wtwco.com
8. WTW, “Cyber Risk: A Look Ahead to 2026.” wtwco.com
9. SentinelOne, “30 Cyber Insurance Statistics for 2026.” sentinelone.com
10. Munich Re, “Cyber Insurance: Risks and Trends 2026.” munichre.com
11. Pro Insurance Group, “Cyber Liability Insurance Cost 2026.” proinsgrp.com
12. TechLifeFuture, “Silent AI Insurance Crisis: SME Coverage Gaps in 2026.” techlifefuture.com
13. Insurance Intel, “ISO Just Made AI Exclusions Standard.” insuranceintel.substack.com
14. Adversa AI, “AI Risk Management Insurance: What the New Exclusions Mean.” adversa.ai
15. PYMNTS, “Big Insurance Backs Away From AI Risk and Startups Rush In.” pymnts.com
16. Honigman, “The AI Insurance Gap and What It Means for Technology Contracts.” honigman.com
17. Insurance Business, “AI Exclusions Are Creeping Into Insurance, but Cyber Policies Aren’t the Issue Yet.” insurancebusinessmag.com
18. TechLifeFuture, “Silent AI Insurance Crisis: SME Coverage Gaps in 2026.” techlifefuture.com
19. Future Workforce Systems, “Does Your Business Insurance Cover AI Failures?” futureworkforcesystems.com
20. Vouch, “Errors and Omissions Insurance vs. AI Insurance.” vouch.us
21. Corgi Insurance, “AI Startup Insurance.” corgi.insure
22. Insurance Business, “BOXX Insurance Launches Next-Gen Tech E&O Form.” insurancebusinessmag.com
23. Coalition, “Tech E&O Insurance Coverage.” coalitioninc.com
24. Jiveen MacGillivray, “There’s an AI Clause in Your Policy. You Probably Haven’t Read It, Yet.” medium.com
25. Policyholder Pulse, “AI Exclusions in Insurance Policies: Broad Language, Uncertain Impact.” policyholderpulse.com
26. Norfolk Daily News, “AI-Assisted Design Work and E&O: A 2026 Renewal Audit Guide.” norfolkdailynews.com