The US cyber insurance market has fractured into two structurally distinct segments, according to a Best’s Market Segment Report published by AM Best in late June 2026. One sub-market is a surplus-lines-led arena writing standalone primary and excess cyber policies; the other is an admitted-carrier segment concentrated on cyber endorsements bolted onto broader commercial packages. The divergence matters because the two camps are now posting meaningfully different loss ratios — even as price competition accelerates across both.
A $7.5 Billion Market That Grew — But Barely
On the surface, AM Best’s headline number looks reassuring. Total US cyber insurance premiums edged up to $7.5 billion in 2025, from $7.1 billion the year before. But the agency immediately tempers that reading: the modest gain was driven largely by carriers shifting business from offshore vehicles into US-domiciled entities, meaning genuine domestic premium growth was flat or close to zero.
The composition of that premium has also shifted decisively. Surplus lines insurers now hold almost two-thirds of all US cyber premium, a share that has grown consistently over recent years as MGAs, program administrators and wholesale brokers have leaned into the flexibility that the non-admitted market affords for a line that still lacks a stable actuarial base. Admitted carriers, constrained by rate-filing requirements and a more conservative product mix, have retreated toward endorsement-based coverage that sits inside general commercial, professional liability or tech E&O towers.
Two Sub-Markets, Two Very Different Loss Profiles
The bifurcation is not merely structural — it is showing up in the numbers. The industry-wide cyber loss ratio rose to 53.0% in 2025, its second consecutive annual increase and the first time it has breached 50% since the pandemic era, up from 48.7% in 2024. Drilling down, surplus lines carriers posted an incurred loss ratio of 55.9%, compared with 50.2% for admitted carriers.
The driver is claims volume, not severity alone. Third-party claims across the US cyber market rose approximately 30% in 2025; surplus lines carriers absorbed an almost 40% increase in those claims, while admitted carriers reported a 12% rise. The surplus lines exposure to complex, litigated third-party losses — network-security liability suits, regulatory enforcement actions, class actions arising from data breaches — is materially greater than that embedded in a standard commercial policy endorsement. That distinction matters enormously for reinsurance purchasing, limit management and the pricing of cover above the primary layer.
These trends do not exist in isolation. Claims frequency across the broader cyber market had already surged approximately 40% in 2024, driven by industrialised cybercrime and expanding litigation activity. The 2025 loss ratio deterioration is therefore a continuation of a trend that carriers were already navigating — not a sudden shock.
Eight Consecutive Quarters of Price Cuts — and Accelerating
Q1 2026 marked the eighth consecutive quarter of pricing cuts for US cyber insurance, with Q1 2025 and Q1 2026 representing the steepest reductions in that entire run. The trajectory is the opposite of what the loss data would prescribe. Christopher Graham, senior industry analyst at AM Best, made the tension explicit in the report: “The loss ratio increase is occurring as pricing is still declining and even accelerating the decline.” That compression — rising losses meeting falling premiums — is the central underwriting challenge for the market heading into the second half of 2026.
The pricing dynamic is partly structural. Surplus lines markets, unencumbered by state-filed rates, moved aggressively to cut prices as ransomware frequency softened from its early-decade peak. That competitive pressure then forced admitted carriers to follow in their endorsement products. Now, with claims frequency resurgent, neither segment has the pricing headroom it enjoyed three years ago. Reinsurers monitoring this cycle have reason for concern. Howden Re’s decision to build out its cyber reinsurance team even as cyber reinsurance rates fell sharply illustrates the bet being placed: that primary market discipline will eventually reassert itself. That bet is being stress-tested by the current trajectory.
What Bifurcation Means for Buyers, MGAs and Admitted Carriers
For risk managers and brokers, the split reinforces why programme design matters more than price alone. A buyer that relies on a cyber endorsement attached to a commercial package policy occupies a fundamentally different risk-transfer position than one holding a standalone surplus lines tower with dedicated limits. Coverage breadth, sub-limits, retention structures and claims-handling expertise diverge sharply between the two channels. The AM Best data, drawn from NAIC statutory cyber supplement filings, underscores that the admitted endorsement market has so far absorbed less of the claims wave — but also that its loss ratio is trending upward regardless.
For MGAs and programme writers operating in the surplus lines space, the report is a clear signal that the era of compounding margin from favourable loss development may be closing. The structural split into two sub-markets means that competitive dynamics from the admitted side can undercut surplus lines pricing without the admitted carrier facing the same third-party claims exposure — a classic adverse-selection dynamic if underwriting criteria are not sufficiently differentiated. MGAs that cannot demonstrate sophisticated risk selection through telemetry, security ratings and industry-vertical modelling will face increasing scrutiny from their capacity providers.
Admitted carriers, meanwhile, have a narrower window than the loss ratio differential suggests. Their 50.2% incurred loss ratio still looks respectable against the surplus lines figure, but the 12% rise in admitted third-party claims points to a segment that is not immune to the broader frequency trend. As emerging risks compound the loss tail — quantum-enabled decryption, AI-driven attack automation, systemic cloud outages — the question of whether endorsement-level limits are adequate for sophisticated buyers becomes more pressing. The intersection of these issues with infrastructure exposure is explored further in AM Best’s parallel work on AI data centre insurance risks and with cryptographic risk in analysis of how US quantum executive orders are forcing insurers to confront post-quantum cyber risk.