National Cyber Practice Leader
- Cambridge, MD
While most executive lines remain calm entering 2026, cyber liability is quietly becoming the exception.
On paper, cyber still looks stable. Pricing appears flat. Capacity is plentiful. New carriers continue to enter the market. Competition remains fierce, particularly in the small and mid-market. For many buyers, renewals feel manageable, predictable, even favorable.
But, beneath that surface, cyber loss trends are telling a very different story.
"We're seeing losses pick back up in cyber significantly," says Steve Robinson, National Cyber practice leader at RPS. "We were up about 22% in paid ransomware losses through the first six months of 2025 versus the same period of 2024."
And that acceleration is only gaining momentum.
What makes cyber different from the rest of executive lines today isn't just that losses are rising again, it's that they're rising while the market remains soft. That disconnect is creating growing tension between underwriting results and pricing behavior, and it may not be sustainable much longer.
Rising Losses, Falling Prices
After a brief period of moderation, ransomware frequency and severity are once again climbing. Organizations across industries are experiencing more frequent attacks, higher disruption costs and longer recovery timelines. In some cases, losses are exceeding expectations that were set during the height of the ransomware crisis.
Limits losses, once a rarity, are reappearing, particularly in the small and mid-market. This shift is meaningful. For several years, most cyber claims fell well below policy limits, allowing insurers to absorb losses without catastrophic outcomes. That dynamic is changing.
Certain sectors are being hit especially hard. School districts — long considered vulnerable but manageable cyber risks — are now producing losses that far exceed historical norms, with some incidents resulting in seven-figure payouts. Healthcare-adjacent organizations and service providers are also seeing elevated severity, driven by the sensitivity of the data they handle and the operational disruption that follows an attack.
Despite these trends, pricing hasn't followed suit. Why? Capacity.
Cyber capacity hasn't only returned, it's flooded into the market. New entrants continue to arrive, while carriers that once pulled back are re-entering aggressively.
Robinson points to the behavior shift following the peak of the ransomware crisis: "A lot were standing on the sidelines during COVID and when the ransomware epidemic was at an all-time high," he says. "As that started to calm down, rates went back down, and it became 'this might be the time to get in.' "
That influx of capital has kept rates soft, even as losses rise. In many cases, carriers are competing heavily for market share, particularly in segments where growth targets remain high. The result is a market where pricing pressure remains downward or flat, even as underlying risk indicators point in the opposite direction.
This misalignment between loss trends and pricing behavior is what truly sets cyber apart from the rest of executive lines entering 2026.
In management liability, professional liability and employment practices, stability is largely supported by relatively predictable loss experience and underwriting discipline that varies by industry. Cyber, by contrast, is facing rapidly evolving threats, increasing claim severity and structural changes in how attacks are carried out, all while pricing remains anchored by excess capacity.
For now, that capacity is masking volatility. But as loss ratios deteriorate, the pressure is building.
Ransomware Has Evolved
Today's ransomware attacks are fundamentally different from those seen just a few years ago. Ransomware-as-a-service (RaaS) has lowered the barrier to entry dramatically, allowing attackers with limited technical skill to deploy sophisticated attacks at scale. Rather than requiring deep expertise or large criminal organizations, modern ransomware operations rely on modular tools, affiliate models and automated processes.
At the same time, geopolitical shifts have altered the cybercrime landscape. Organized hacking groups that were once closely aligned with specific nation-states have splintered into smaller, more fluid entities. These groups are harder to track, faster to adapt and less predictable in their targeting.
"The operational barrier has dropped dramatically," Robinson explains. "It's easier for bad actors to deploy these attacks in ways that are more targeted and believable than they used to be."
As a result, artificial intelligence (AI) has become a force multiplier for cyber attackers. AI-driven tools allow attackers to automate reconnaissance, analyze publicly available data and tailor phishing campaigns with unprecedented accuracy. Emails, text messages and voice communications can now be customized to match tone, language and context in ways that are far more convincing than traditional phishing attempts.
Deepfake technology has added another layer of complexity. Attackers can impersonate executives, vendors or trusted partners through voice and video, dramatically increasing the likelihood that an employee will comply with a fraudulent request.
"The problem is that a teenager with a laptop can now do impersonations very easily with free software," Robinson says. "That's where it gets dangerous."
These attacks often bypass traditional cyber defenses entirely. Firewalls, endpoint detection tools, and malware scanners are ineffective against social engineering tactics that rely on human trust rather than malicious code.
As a result, cyber risk is becoming less about technical vulnerabilities and more about behavioral ones, a shift that complicates underwriting and risk assessment.
Shadow AI as an Internal Risk
Even organizations that haven't formally adopted AI tools are exposed. Employees are increasingly using publicly available AI platforms to draft documents, analyze information, summarize content or compare contracts, often without oversight, approval or understanding of how those tools handle data. That behavior, commonly referred to as "shadow AI," introduces new privacy, regulatory and liability risks.
"Maybe someone wants to compare insurance policies or forms," Robinson explains. "So they input an actual client's policy into the AI model. Now you've got a data breach."
In these scenarios, sensitive or proprietary information may be uploaded into public systems, triggering data privacy violations or contractual breaches. The organization may not realize what's happened until long after the data has been exposed.
Shadow AI risk sits at the intersection of cyber liability, professional liability and regulatory exposure, making it especially difficult to manage and insure.
Carriers are beginning to take notice. AI-related questionnaires are appearing on cyber renewals, particularly for middle-market and larger organizations. These questionnaires aim to understand how AI tools are used internally, what controls are in place and whether employees are operating within defined guidelines.
Early Warning Signs From Carriers
Some insurers are already questioning whether current market conditions are sustainable.
Public comments from major cyber insurers expressing concern about profitability haven't gone unnoticed. When frontline carriers raise red flags about loss trends and pricing adequacy, it often signals that underwriting behavior may soon change.
"To hear one of the biggest cyber insurers say they have concerns about profitability is notable," Robinson says. "We don't expect to continue seeing this environment where losses are going up and rates are going down for too much longer."
In fact, early signs of moderation are already emerging. Certain carriers are applying more scrutiny to specific industries, adjusting terms or pushing for flat to slight increases in targeted classes, even as the broader market remains competitive.
For now, cyber liability remains calm on the surface. Capacity remains abundant. Buyers continue to benefit from competitive pricing. But cyber is drifting away from the rest of executive lines in meaningful ways. Loss trends are accelerating. Attack methods are evolving. AI is amplifying risk. And the disconnect between underwriting results and pricing behavior is growing harder to ignore.
Learn more about what's next for the executive lines market in the 2026 Executive Lines Market Outlook Report.
Contributor Information
