AM Best, the global credit rating agency and information provider specialising in the insurance industry, has confirmed a stable outlook on the global cyber insurance segment in it’s latest Market Segment Report, Market Segment Outlook: Global Cyber Insurance.
The rating agency’s assessment reflects continued demand for cyber cover despite a softer pricing environment, alongside favourable profitability over the intermediate term and the growing role of artificial intelligence within the market.
AM Best points to several supporting factors behind its view. Take-up of cyber insurance is expected to hold up well even as competition weighs on rates, helped along by the pace of digitisation, tightening regulatory obligations and a broader recognition among businesses of the risks they face.
The agency also expects underwriting margins to stay favourable over the medium term, though it anticipates some narrowing as more insurers compete for business. Investment in prevention, resilience and incident response continues to strengthen cyber security practice across the market, AM Best notes, while capacity keeps growing as traditional reinsurers and alternative capital providers alike commit further resources. The rating agency also credits artificial intelligence and analytics tools with sharpening underwriting, exposure modelling and claims handling, and expects tighter regulation to keep pushing more organisations towards buying cover.
Commenting on the findings, Cristian Sieira, Senior Financial Analyst at AM Best, added: “Our stable outlook on the segment reflects solid demand for coverage, even as the market pricing softens, in addition to favourable profitability over the intermediate terms and the growing use of AI.”
Set against these positives, AM Best identifies a set of countervailing pressures. Ransomware, business email compromise and funds transfer fraud remain persistent and are becoming more sophisticated, driving up the potential for large claims. Greater digital interconnection is also raising the risk of systemic events capable of affecting multiple businesses or entire industries at once, and AM Best warns that the same AI tools improving defences are equally available to attackers, enabling more scalable and convincing campaigns.
Insurers themselves are not immune, the agency notes, given the volume of sensitive policyholder data they hold, while wider geopolitical instability is adding further pressure to the threat landscape. AM Best also flags that underwriting wording may need to keep evolving as the boundary between AI-related risk and conventional cyber risk becomes less distinct.
Todor Kitin, Associate Director at AM Best, said: “Insurers remain valuable targets of cyber-attacks due to the concentration of sensitive policyholder and exposure data, increasing their own operational and aggregation risk.” He further added: “Ongoing geopolitical uncertainty is also contributing to an increased cyber threat environment.”
On the regulatory side, AM Best observes that data protection obligations have been a significant driver of cyber insurance purchases. Sectors handling particularly sensitive information, such as healthcare and finance, face the strictest requirements, and the agency describes cyber cover as having become a core part of how organisations manage both risk and compliance, including the costs that can follow a breach or regulatory action.
AM Best expects forthcoming legislation on data privacy and IT security, including the EU’s Cybersecurity Act, to reinforce demand in certain markets. The report also draws attention to strain within US federal cyber agencies: funding pressure at the National Institute of Standards and Technology contributed to a backlog in the National Vulnerability Database during 2024, and AM Best notes that a subsequent government shutdown led to substantial staff furloughs at the Cybersecurity and Infrastructure Security Agency, affecting its vulnerability tracking work. AM Best cautions that reduced capacity at these agencies could hamper the flow of threat intelligence to industry and government, potentially leaving some vulnerabilities unaddressed for longer.
Turning to competitive conditions, AM Best describes the cyber market as favourable to buyers, with rate declines persisting since 2023 as insurers compete for share while still deploying capital to meet demand. The agency attributes underlying market growth to rising awareness of cyber exposure and the corresponding need for risk transfer.
The agency also records a modest rise in the loss ratio over the past three years, while stressing that the segment has remained profitable throughout. AM Best further observes that improved cyber hygiene among policyholders, driven by greater awareness of the threat, is helping to contain losses, and that insurers are increasingly working with clients on risk management rather than treating the relationship as purely transactional.
On performance, AM Best cites Munich Re estimates that global cyber insurance premiums passed USD 16 billion in 2025, though growth slowed compared with earlier years, largely due to a decline in US direct written premium amid intensifying competition and ample capacity.
AM Best suggests that some of this apparent flattening may reflect larger organisations shifting cyber risk into their own single-parent captives, particularly those with strong cyber hygiene and a favourable claims history, since such arrangements let them retain the benefit of their own good experience; the agency notes that this activity is not always visible in NAIC data, as captives do not typically file cyber supplements. AM Best also highlights a persistent protection gap among small and medium-sized enterprises, where, according to Swiss Re, market penetration remains around 10 to 20%, representing a significant growth opportunity that AM Best believes could be narrowed through closer cooperation between insurers, brokers and agents.
Geographically, AM Best notes that the United States remains the largest cyber insurance market by a considerable margin, with NAIC figures showing it accounts for more than half of global premium, a share the agency believes could approach 60% once US-related exposure written through Lloyd’s is taken into account. AM Best expects other regions to gradually increase their share of the global market, pointing to rising penetration in Europe, supported by its evolving regulatory regime and larger corporate accounts, and in parts of Asia, where growing awareness among SMEs is being driven by rapid digitalisation.
The agency also expects demand to be reinforced by the geopolitical instability following the outbreak of conflict between Iran and the United States in February 2026, noting a rise in cybercrime activity in its early months, even though the resulting losses and disruption are difficult to quantify. AM Best adds that insurers’ exposure to this conflict should be partly limited by the war exclusions that have been standard in cyber policies since 2023, although applying these exclusions in practice still requires insurers to demonstrate a link between an attack and a state-backed actor.
AM Best also discusses the role of reinsurance and insurance-linked securities in supporting the segment. It describes capacity as ample, with reinsurers and alternative capital providers both expanding their participation and helping to keep terms favourable for buyers, and notes a gradual shift from proportional towards non-proportional reinsurance structures aimed at providing greater tail protection.
The cyber catastrophe bond market, though still a small part of the broader catastrophe bond space, continued to develop in 2025, with AM Best estimating that more than USD 1.3 billion of 144A cyber catastrophe bonds were placed, including large transactions from Beazley and Chubb. Even so, AM Best expects growth in cyber-linked securities to remain fairly modest in the near term given how much capacity is already available through traditional channels, pointing to Swiss Re’s and Axis Capital’s decisions not to renew their respective cyber retrocession transactions in 2026 as an illustration, along with the continuing constraints posed by limited historical loss data and model uncertainty.
AM Best cites Comparitech data indicating that 2025 was a third consecutive record year for ransomware, with attacks worldwide rising by more than 30% to 7,419, and the United States continuing to be the most targeted country, accounting for roughly half of all recorded attacks globally.
The agency notes growing adoption of Zero Trust security approaches in response, and points to high-profile UK incidents, including attacks on Marks and Spencer and Jaguar Land Rover, as illustrations of how ransomware can cause significant operational disruption and reinforce the case for cover.
AM Best further warns that systemic risk remains a significant concern, citing outages affecting Amazon Web Services, CrowdStrike and CDK Global in 2024 and 2025 as examples of how a single point of failure can disrupt many organisations simultaneously.
On artificial intelligence, AM Best reiterates that while it strengthens cyber defences, it is equally available to criminals, who are using it to automate attacks and craft more convincing, personalised social engineering attempts, underlining the continued need for staff awareness and AI-enabled defensive tools.
Finally, AM Best highlights that insurers themselves face a growing risk of attack given the sensitive policyholder, loss control and client data they hold, making robust internal controls essential to guarding against fraud, breaches and operational disruption.




