Aon, the global professional services firm specialising in risk, insurance, reinsurance, human capital and consulting services, has said that conditions in the cyber and technology errors and omissions (E&O) insurance market remain favourable for buyers, although insurers are becoming increasingly cautious as cyber threats continue to evolve.
According to Aon, abundant market capacity and competitive conditions continue to support buyers seeking cyber and technology E&O cover. The company believes organisations still have an opportunity to secure advantageous terms and review programme structures, although signs of pricing stabilisation are beginning to emerge as insurers respond to a changing risk landscape.
Aon expects the current buyer-friendly environment to continue into 2026, but notes that cyber risk is becoming increasingly influenced by the scale and complexity of incidents. The company points to several key factors shaping the market, including ransomware losses, AI-enabled attacks, stricter privacy requirements, supply chain exposures and geopolitical uncertainty.
The firm highlights the potential for escalating tensions in the Middle East to contribute to higher levels of malicious cyber activity targeting organisations globally. At the same time, cyber criminals are increasingly using artificial intelligence and machine learning technologies to improve the efficiency, sophistication and reach of attacks.
Aon also notes that privacy regulation continues to expand across many jurisdictions, creating additional compliance obligations for businesses. The company warns that organisations deploying AI tools without appropriate governance frameworks could face heightened privacy and data protection risks.
As a result, insurers are paying greater attention to how businesses manage cyber security controls, third-party suppliers, technology platforms and emerging AI-related exposures. Aon further reports that ransomware activity intensified during 2025 across a number of sectors, including insurance, aviation and retail, while concerns remain around systemic cyber events capable of generating widespread losses.
The company believes risk professionals are increasingly focusing on building long-term resilience and ensuring insurance programmes remain aligned with future threats rather than responding solely to current market conditions.
Data published by Aon shows that the average global ransomware claim reached $713,200 in 2025, compared with $374,400 in 2024. The company also recorded a 38% increase in reported cyber and technology E&O incidents in the United States during 2025. Separately, industry data from the National Association of Insurance Commissioners showed the US cyber insurance loss ratio rising to 48.9% in 2024 from 40.7% a year earlier.
Aon says insurers are placing increased emphasis on underwriting discipline, with more detailed reviews of organisations’ cyber maturity, supplier relationships, AI deployment, privacy practices and exposure to large-scale incidents. While pricing remains competitive, the company recommends that organisations consider strengthening cyber defences and reviewing coverage limits while market conditions remain favourable.
According to Aon, around 19% of cyber liability buyers in the United States increased their coverage limits during 2025. Across North America and the Europe, Middle East and Africa (EMEA) region, Aon reports that cyber insurance pricing continues to favour buyers, supported by broad coverage offerings, stable limits and substantial insurer capacity.
However, the pace of premium reductions has slowed as insurers respond to rising ransomware losses, business interruption claims and ongoing privacy-related claim development.
In the technology E&O market, Aon says pricing remained largely unchanged during 2025. Premium movements among the firm’s clients were broadly flat throughout the year, with quarterly changes ranging from a 4% decrease to a 1% increase. Pricing across all layers generally reduced by between four and 5%. The company expects insurers to continue competing through coverage enhancements, long-term agreements and pricing guarantees.
Looking towards 2026, Aon identifies several developments likely to influence cyber insurance markets. The company notes that geopolitical instability in the Middle East could lead to increased cyber activity affecting sectors such as financial services, transport, agriculture, utilities, energy and other critical infrastructure industries. Aon advises organisations to remain alert and continue investing in cyber resilience measures.
While ransomware incidents fell significantly during the final quarter of 2025, Aon notes that the financial impact of attacks continued to rise. Global ransomware frequency declined by 45% compared with the previous quarter and by 31% year-on-year, yet average claim costs increased substantially, indicating that individual attacks are becoming more severe.
Artificial intelligence is expected to remain a major factor influencing cyber risk. Aon notes that while AI is helping organisations improve productivity and efficiency, it is also providing cyber criminals with increasingly sophisticated tools. The company highlights forecasts suggesting that nearly one in five cyber attacks could involve generative AI by 2027.
Commenting on the issue, Matt Chmel, Head of Cyber Solutions, North America, said: “If you are developing AI technology, you need professional liability or tech E&O coverage to protect your organisation. Businesses also need to look at how they are using AI, ensuring business practices, processes, safeguards and compliance measures are strong.”
Supply chain cyber risk remains another area of concern. Aon cites research showing that two-thirds of large organisations view third-party and supplier vulnerabilities as their most significant cyber exposure. The company notes that almost two-thirds of businesses experienced a third-party breach during the past year, while increasing AI adoption is contributing to more advanced supply chain attack methods.
Discussing the issue, Greg Sparacio, US Middle Markets Leader at Aon, said: “We’re working closely with clients, talking with them about the risk transfer market for this exposure and also working with them to evaluate their risk. Our CyQu assessment has a vendor supplemental included in it to help evaluate and understand critical suppliers they rely on. That is something we find is really important.”
Aon also reports that privacy-related litigation remains an area of concern for insurers, particularly in the United States, where legal actions linked to data collection practices and online tracking technologies continue to increase. According to the company, insurers are responding by reviewing policy wording and reassessing coverage related to privacy exposures.
The firm further highlights a range of regulatory developments, including cyber security disclosure requirements introduced by the US Securities and Exchange Commission, forthcoming incident reporting obligations from the Cybersecurity and Infrastructure Security Agency, and the European Union’s NIS2 Directive, all of which are increasing expectations around governance and reporting.
Stephen Viña, Senior Vice President, Cyber Solutions at Aon North America, said: “Cyber incident reporting requirements are raising the bar on governance, planning, and communications. These developments are putting cyber at the top of the agenda.”
Aon concludes that organisations are making greater use of data and analytics to support cyber risk management decisions. The company says advanced analytical tools are helping businesses assess risk more accurately, evaluate coverage adequacy and develop stronger long-term resilience strategies.
As Ady Sharma, Cyber Growth Leader at Aon in Canada, explained: “Data and analytics are helping risk managers think more about limits and adequacy vs. just limits and budget. Historically they have relied on benchmarking, cause of loss reports, publications and what peers were doing. We can enable them to make accurate decisions to protect their assets and build resilience.”
