Cyber insurance carriers are still grappling with one core problem: they don’t fully know how to measure the risks they’re underwriting.
That’s according to new research from GlobalData, which found that inaccurate cyber risk assessment remains the single biggest challenge facing insurers offering cyber coverage.
A Q1 2026 poll conducted across Verdict Media sites found that 32.1% of industry respondents identified accurate cyber risk assessment as the primary hurdle for cyber insurance underwriting. That placed it well ahead of concerns around managing exposure to shared attacks, such as multiple clients being impacted by the same breach, which was cited by 20.2% of respondents.
Why cyber insurance remains difficult to price
Unlike traditional insurance categories such as auto or property, cyber insurance lacks decades of stable actuarial history. Threat patterns evolve rapidly, attack methods change continuously, and emerging technologies like AI are introducing new layers of unpredictability.
Beatriz Benito, Lead Insurance Analyst at GlobalData, said the problem is compounded by increasingly sophisticated attackers and the growing use of AI in offensive cyber operations.
“Unlike traditional insurance lines, underwriters cannot rely on comprehensive historical data to assess cyber risks,” Benito said. “Cyber risks are constantly evolving and unpredictable, with hackers becoming savvier and more sophisticated in their techniques.”
She added that some insurers are already introducing AI-specific exclusions into policies as generative AI accelerates the threat landscape.
AI changes the underwriting equation
The rise of AI-assisted phishing, automated reconnaissance, and large-scale attack orchestration is forcing insurers to rethink how cyber exposure is modeled.
High-profile cyberattacks can trigger simultaneous claims across multiple organizations, creating what insurers describe as “aggregation risk” — where a single event generates cascading financial exposure across an insurer’s portfolio.
That dynamic has made profitability more difficult to predict and pushed many insurers toward higher premium baselines and stricter underwriting requirements.
Appetite for cyber insurance remains uneven
According to GlobalData, insurers are taking increasingly active approaches to cyber risk management, continuously monitoring emerging threats and adapting underwriting standards in real time.
However, the ability to do that varies significantly across the industry.
Smaller insurers may lack the infrastructure, telemetry, or specialist expertise required to offer cyber coverage profitably, while larger providers remain selective about the risks they are willing to absorb.
The findings suggest that although demand for cyber insurance continues to grow, the market itself is still in a maturation phase, in which underwriting models struggle to keep pace with the speed of technological and threat evolution.
Cyber insurance becomes a moving target
The broader issue for the industry is structural: cyber risk does not behave like traditional insurable risk.
Threat actors adapt quickly, AI is accelerating attack capabilities, and digital dependencies across cloud platforms and supply chains mean a single incident can have systemic consequences.
For insurers, that means cyber underwriting is shifting from static assessment toward continuous risk intelligence — a model that increasingly resembles cybersecurity operations as much as traditional insurance underwriting.
