Litigation-driven claims-cost inflation and technology exposure, not a wave of new attacks, are what is actually pushing cyber insurance losses higher, according to a new analysis from reinsurance broker Guy Carpenter published in July 2026. The report concludes that standard inflation gauges — headline inflation, core inflation and wage indices — correlate far more weakly with cyber claim severity than they do with property lines such as homeowners dwelling coverage, challenging underwriters who have priced cyber as if it moves with the same cost curves as property. The reframe arrives as Marsh and Aon data show a market where claims frequency keeps falling even as severity in ransomware and privacy litigation holds firm.
Why Guy Carpenter Says the Old Inflation Playbook Doesn’t Fit Cyber
Guy Carpenter’s analysis, detailed in a report unraveling the myths behind rising cyber claims costs, starts from a simple test: do the inflation indices insurers use to reserve casualty and property books actually explain what is happening in cyber loss triangles? The broker’s answer is largely no. Cyber severities show materially lower correlation with headline inflation, core inflation and wage-index measures than dwelling coverage in homeowners does, meaning actuaries who bolt a standard trend factor onto cyber reserves may be modeling the wrong variable entirely.
Guy Carpenter’s alternative is not a single number but a broader complexity argument. The broker argues cyber claims trends resist purely historical-data modeling, because technology shifts, artificial intelligence, geopolitics, threat-actor sophistication and regulatory change all shape outcomes in ways history alone won’t capture. That complements ongoing industry work on how AI is reshaping the threat surface, including Beazley’s warnings on AI-driven supply-chain attacks as an emerging underwriting frontier.
Where Guy Carpenter does find a strong statistical relationship is technology exposure itself. The broker finds that technology-driven measures — IoT connections, global internet users and mobile subscriptions — correlate more strongly with cyber claim costs than traditional inflation metrics do. In other words, the growth driver behind rising severity looks less like macroeconomic inflation and more like the sheer expansion of the attackable digital surface.
Litigation Migrates Downmarket, Squeezing SME Cyber Books
The second leg of Guy Carpenter’s argument is social inflation — and it is arriving in a place many underwriters weren’t watching closely. The broker identifies social inflation, driven by third-party and class-action claims, as an emerging cost driver in cyber, with a growing concentration of that activity among small and medium-sized enterprises. That marks a shift from the years when major breach litigation clustered around large, well-capitalized targets.
The mechanism, per Guy Carpenter, is economic rather than ideological. Plaintiffs’ law firms are increasingly drawn to smaller data breach cases because of how lucrative they have become, a dynamic that appears to be feeding the rise in third-party claims against smaller insureds. For carriers and MGAs writing SME cyber, that reallocates tail risk toward a segment historically priced on frequency assumptions rather than litigation severity — a dynamic worth reading alongside broader signals of commercial rate softening tracked in WTW’s CLIPS data.
Marsh and Aon Confirm the Split: Frequency Down, Severity Stubborn
Guy Carpenter’s inflation thesis does not exist in a vacuum; it lines up with what Marsh and Aon have been reporting from their own claims books. Aon describes cyber insurance as having remained a buyer-friendly market through 2024, reflecting ample capacity and a competitive underwriting environment — a condition consistent with the broader easing documented in AM Best’s read on the split between surplus and admitted cyber capacity. Marsh’s cyber insurance market update recorded a 5% average decline in US cyber insurance rates in the fourth quarter of 2024, and the softening has tracked with fewer incidents landing on carriers’ desks: Marsh clients in the US and Canada filed 29% fewer cyber claims notifications in 2025 than in 2024, while reported cyber extortion events among Marsh clients fell 33% in 2025 versus 2024, according to the broker’s 2025 cyber claims report.
Frequency, in short, is falling across the board. Severity is a different story. Marsh notes that ransomware claim counts are falling but per-claim severity is not — reinforcing the view that cost inflation, not attack volume, is the pressure point. The floor under that severity is concrete: the median breach-response expense in ransomware claims has held near $160,000, according to Marsh’s analysis of ransomware as a persistent challenge in cyber claims. Forensics, breach counsel, notification and credit-monitoring costs do not shrink just because fewer policyholders get hit.
Privacy and Website-Tracking Claims Buck the Downward Trend
If frequency and extortion counts were the whole picture, cyber underwriting could keep easing without much worry. One data point cuts against that comfort. Website-tracking and related privacy claims rose 43% in 2025 compared with 2024, even as overall claims volume fell — underscoring a shift toward litigation-driven third-party exposure. That figure is the clearest bridge between Guy Carpenter’s social-inflation thesis and Marsh’s claims data: it is precisely the kind of claim, driven by class-action plaintiffs’ bars rather than by hackers, that a frequency-based pricing model is built to miss. It also tracks with the pattern regulators and brokers are watching in fast-growing markets, where APAC’s cybercrime surge is testing underwriting capacity from a different angle — volume rather than litigation.
What the Reframe Means for Underwriters, MGAs and Reinsurers
Taken together, the Guy Carpenter, Marsh and Aon data point to a specific pricing problem rather than a general one. If claims frequency is genuinely declining — extortion counts down, overall notifications down — a portfolio priced purely on frequency trends toward rate relief. But if severity is being driven by SME-focused litigation and by the sheer growth of connected devices rather than by wage or price inflation, then trend factors built for property or casualty books will systematically understate cyber reserves, particularly on third-party and privacy exposures.
For reinsurers structuring cyber cat and quota-share treaties, that argues for separating frequency-linked layers, where the Marsh and Aon data support continued softening, from severity-linked layers tied to litigation and breach-response cost inflation, where the Guy Carpenter findings argue for caution. It also reinforces why casualty lines elsewhere in the market are holding firmer pricing discipline than cyber has shown of late, a contrast visible in Markel’s stance on holding casualty pricing lines against sidecar-backed MGA competition. Cyber underwriters chasing rate cuts on frequency data alone risk missing the same social-inflation dynamics that have already reshaped casualty reserving.
Cyber Claims-Cost Inflation: Key Questions Answered
Mini-FAQ : Guy Carpenter Maps Year Two of NAIC Clim
Is rising attack frequency driving up cyber insurance losses?
What does Guy Carpenter mean by “social inflation” in cyber?
Which cyber claims are still rising despite the broader slowdown?
Sources used
- Guy Carpenter — Inflation and cyber insurance: unraveling the myths behind rising claims costs (July 2026)
- Aon — Cyber risk insurance market remains buyer-friendly
- Marsh — Cyber insurance market update
- Marsh — Cyber claims 2025 report
- Marsh — Ransomware: a persistent challenge in cyber insurance claims