The Cyber Insurance Conundrum
Today’s cyber threat landscape presents a paradox. While insurance coverage options are becoming more accessible and affordable, systemic risks are simultaneously escalating quickly.
New entrants and easy capital heated up competition, pushing cyber insurance rates steadily down, roughly 5–7% over the past 11 quarters, with reductions reaching as much as 22% from their 2022 peak (NAIC). Yet, 2025 saw a record number of ransomware attacks, a 34% rise in global assaults against critical sectors like manufacturing, healthcare, and energy. Ransomware accounted for 44% of breaches (Verizon 2025). Attackers are getting smarter, using multiple tactics and AI-driven methods. For instance, phishing remains a major threat, with a staggering 1,265% increase in AI-powered phishing attacks. Nearly 50% of all email threats now include phishing links (Deepstrike 2025).
Compounding this, cyber breaches are becoming more costly. According to the IBM/Ponemon Institute Cost of a Data Breach Report 2025, the average cost of a breach is $4.4 million, up from $3.86 million in 2018, an increase of roughly 15%. Costs often go beyond direct breach expenses to include supply chain disruptions and lost trust or shareholder value. Although ransomware payouts are falling as organizations refuse to pay, refusal leads to longer recovery times and higher indirect costs like investigations, fines, and supply chain issues, increasing overall damage.
The Importance of Disciplined Underwriting
While cyber insurance policies with lower premiums and flexible options may appear attractive, the reality is more nuanced. It is important to help our clients find insurance solutions that fit their true exposure in order to protect against severe financial and operational consequences. Imagine a mid-sized online retailer that chooses higher insurance limits because it’s cheaper but then delays adding multi-factor authentication or better endpoint security. So, even though they have “better” coverage on paper, their customer data is still at risk. The same goes for hospitals with tight budgets. They might stick with less expensive cyber policies instead of upgrading outdated systems. That means they keep critical vulnerabilities open, which cybercriminals could easily exploit. It’s like paying for protection but leaving the door wide open.
Insurers, in turn, need to maintain disciplined underwriting standards to ensure that they are accurately assessing and pricing the risk. For instance, a manufacturing plant with outdated operational technology (OT) systems might secure comprehensive cyber coverage without undergoing thorough security assessments. Construction firms handling large project data and payments may receive policies with minimal controls around funds transfer fraud. This creates a false sense of security, as companies believe they are well-protected when, in reality, their risk management standards have slipped.
With the rise of ransomware attacks and the new tactics and AI methods being used in these attacks, it is even more essential for insurers to maintain strong underwriting discipline when evaluating cyber risks. Market fluctuations are inevitable. But when big losses hit, like a wave of ransomware attacks on hospitals or schools, disciplined underwriting and proactive, comprehensive risk management can help prevent or mitigate severe consequences.
What Does a Sustainable Market Look Like?
A truly resilient cyber insurance market shifts from reacting after a disaster to proactively managing risks beforehand. Maintaining disciplined underwriting acts as a safeguard, preserving the long-term stability of the cyber insurance sector and ensuring that risks are managed effectively.
It is even more important, in the constantly evolving landscape of cyber claims, to maintain this discipline. The next big shock won’t just be more ransomware. It could be a large, correlated outage testing the limits of current policies and risk models.
To move towards a more sustainable and resilient approach, insurers must prioritize disciplined underwriting and thorough risk understanding. Insurers need a clear understanding of systemic vulnerabilities, such as reliance on cloud services or third-party partners, and must be transparent with clients about these risks. Clients, in turn, must also be transparent with their insurer about their vulnerabilities, including secondary exposures, to ensure that their carrier is providing the appropriate coverage fit. The solution should be focused on where risk is going, not where it was.
Simultaneously, organizations should strengthen their cybersecurity defenses: implement multi-factor authentication, perform regular backups, keep software updated, and manage third-party risks. For example, financial firms should use strong encryption and continuous monitoring; healthcare providers must secure patient data with access controls and HIPAA compliance; manufacturers should segment networks and deploy intrusion detection; retailers need PCI DSS compliance and fraud tools. These measures can significantly reduce both the likelihood and impact of cyber incidents.
Brokers play an important role in this process by providing strategic advice to help clients understand their full risk landscape and optimize coverage accordingly.
Final Thoughts
Cyber risks change quickly. New AI capabilities, already being talked about, will be transformative to society more broadly, and will likely thrust the cybersecurity threat landscape toward a new frontier. Organizations should remain diligent about embracing existing risk mitigation tools and engage with innovative solutions as they are developed to ensure safe cyber hygiene.
So, now is the time to act. Invest in advanced controls and processes. Develop comprehensive incident response plans to better prepare for potential challenges. Work with your insurer and broker to create a tailored solution that meets your specific needs. Additionally, focus on strengthening supply chain and third-party risk management to enhance overall resilience. Taking these steps today can help organizations fortify defenses and prepare for the future.
A sustainable cyber market requires insurers to have a clear understanding of systemic vulnerabilities and approach underwriting with discipline in order to provide coverage that aligns with the client’s needs.
Staying vigilant and adaptive is key. With effort and discipline, we can navigate these fluctuations and keep cyber insurance a vital, sustainable part of our risk management toolkit for years to come.

