Preparation Over Prediction: What CISOs Need to Plan For in 2026

This article is by Ed Ventham – Head of Broking at Assured 

With awards season in full swing, Hollywood will once again congratulate itself for manufacturing high-stakes drama and peril. In the cybersecurity world, the past year has delivered something just as theatrical, but far more consequential.

From landmark breaches to large-scale supply chain disruption, 2025 reinforced a reality that boards now understand clearly: cyber risk is inextricably linked to financial resilience. When systems fail, revenue is hit, operations stall, and trust erodes. Fast.

That strengthens the case for cyber insurance, but it’s not that straightforward.

As 2026 gets underway, CISOs are operating in a market shaped by competing pressures: rising losses, tightening underwriting expectations and a threat landscape that remains stubbornly unpredictable. Based on what we’re seeing across the market, five themes are set to define the year ahead.

1. Look out for a hardening market 

The UK may have exited its last hard cyber insurance market three years ago, but the familiar signals are re-emerging. Rate reductions alongside rising losses are a combination that rarely holds for long.

Cloud-related outages were frequent throughout 2025, driving extended downtime and complex claims. If those losses continue, reinsurers may retreat quickly, triggering knock-on effects that ripple through insurers and buyers alike.

Demand, however, is likely to rise. Government data shows only 45% of UK businesses held cyber insurance in 2025. But as the impact of incidents becomes harder for boards to ignore, coverage will increasingly be viewed not as optional, but as essential.

2. Insurers innovating to win share

In the absence of an immediate market correction, insurers will continue aggressively competing for buyers. That competition is already fuelling a wave of product innovation. This includes affirmative AI endorsements designed to cover losses caused by AI-powered attacks, and sector-specific add-ons like ‘missed bid’ endorsements in construction, which pay out if a company misses an opportunity to bid for a contract due to a cyber attack.

Some of these developments will add real value to customers. Others will serve purely as “differentiation” in a crowded market.

AI-driven attacks are not fundamentally new and should already fall within the scope of existing cyber policies. In that context, some AI endorsements risk being more marketing than material. But their emergence is a clear signal of intensifying competition.

Dependent customer interruption cover (DCI) is also gaining traction following high-profile incidents at JLR and M&S. The first insurer created DCI after the M&S incident. It applies where an insured business relies on a customer buying its products: if that customer suffers a cyber attack and can no longer buy from the insured business, the resulting loss is covered under DCI. Two insurers now offer this cover, which was a massive innovation last year.

For organisations reliant on a small number of major customers, this could materially change how cyber risk is transferred.

3. Supply chain risk reshaping contracts and claims

The scale of supply chain incidents in 2025 reset expectations. Copycat attacks targeting complex ecosystems are increasingly likely, driven by the leverage these incidents create.

As a result, contractual scrutiny will intensify. Data breach indemnities that fail to account for operational disruption will come under pressure, with tighter definitions and broader cyber protections emerging over the year.

The rapid adoption of workplace AI tools adds another layer of exposure. Data leakage through chatbots and shadow AI is already surfacing as a material risk, with legal and reputational consequences for organisations that lack clear governance.

4. Underwriters raising the bar on controls

While insurers may still be competing for buyers, underwriting discipline is unlikely to soften.

Organisations should expect deeper scrutiny of their controls, particularly around identity security and third-party risk management. Multi-factor authentication alone is increasingly viewed as insufficient, with greater emphasis on phish-resistant methods.

Third-party risk is also under the microscope. Annual questionnaires are being replaced by continuous monitoring, driven by regulation and insurer expectations alike. Where new regimes such as DORA, NIS2 and the forthcoming Cyber Security and Resilience Act do not mandate change, insurers increasingly will.

Underwriters increasingly want to drill down into how organisations vet their suppliers and customers, and what kind of due diligence they’re doing on controls.

5. Government’s expanding role in systemic cyber risk

Finally, CISOs must factor in the growing role of the government in the cyber liability space in 2026.

Some cyber incidents now exceed the capacity of private insurance markets alone. The government’s decision to underwrite loan guarantees following major supply chain disruption in 2025 may set a precedent for how future crises are handled.

Whether these interventions become formalised remains uncertain, but their existence will influence attacker behaviour, insurer appetite, and risk-transfer strategies alike.

Preparation over prediction

This year, CISOs will need to be more adaptable than ever. Predicting how the threat landscape will evolve has become increasingly difficult and market conditions can shift quickly.

The organisations best positioned for the year ahead will be those that focus less on forecasting the next crisis and more on building resilience – operationally, contractually and financially.

In cyber security, the drama is unscripted. The consequences are real. And preparation remains the only reliable advantage.
