Industry snapshot
Key public data points
Historical & forecast
Base year 2025. Each series is official through its own latest government-data year (shown in the legend on each chart), and years beyond that are Claight estimates. As of July 2026 the current year is still in progress (2026 annual data is not yet published), so the forecast runs to 2030.
Get in touch and our analysts will be happy to help with custom market sizing, deeper segmentation, supplier detail or a bespoke study built for you.
Connect to an analyst →Industry Definition and Scope
What does the Cyber Liability Insurance in the US industry cover?
The industry specializes in underwrite-driven risk transfer mechanisms designed to protect corporate and institutional policyholders from the financial fallout of digital threats. Policies are broadly structured into first-party coverages, which reimburse direct expenses such as incident response, data restoration, and business interruption, and third-party liability coverages, which defend against legal claims and regulatory penalties. Carriers evaluate an organization's perimeter security, internal controls, and data hygiene practices to determine premium rates and coverage limits.
- •First-party coverage addresses immediate costs from extortion, forensic analysis, and operational downtime.
- •Third-party liability manages litigation defense, regulatory settlements, and mandatory class-action notifications.
- •Standalone policies represent approximately 69% of written premiums, while package policies account for the remaining 31% according to the NAIC.
Market Structure and Operators
Who operates in the industry and how is it structured?
The U.S. cyber insurance ecosystem operates as a distinct segment within the broader property and casualty insurance sector. Risk is distributed between primary domestic admitted insurers, domestic surplus lines carriers who handle non-standard risk, and alien surplus lines insurers who write coverage from foreign jurisdictions. A notable portion of the market relies on the surplus lines segment due to the volatile and evolving nature of digital risks which requires flexible policy terms outside standard state regulations.
- •Domestic surplus lines accounted for 57% of the market share in 2024, experiencing an increase from the previous year.
- •Alien surplus lines, primarily represented by syndicates operating via Lloyd's of London, supply significant capacity to the U.S. market.
- •There were 218 U.S. insurers actively reporting direct written cyber insurance premiums to insurance regulators in 2024.
Demand Drivers
What drives demand in the industry?
The fundamental driver of industry demand is the escalating financial and operational severity of global cybercrime. Organizations face broad exposure due to expanded cloud migrations, remote work frameworks, and systemic supply chain vulnerabilities. Rather than seeing a decline in risk, the necessity for financial protection is reinforced by surging litigation and multi-million dollar data breach settlements across public and private sectors.
- •Reported financial losses from Business Email Compromise (BEC) attacks surpassed $3.1 billion according to the FBI Internet Crime Report.
- •The frequency of corporate cyber insurance claims jumped nearly 40% in 2024, reaching close to 50,000 reported claims.
- •Major corporate cyber events, such as the 2024 AT&T data breach, led to high-profile liabilities including a $177 million settlement resolved in 2025.
Competitive Landscape and Notable Public Companies
Who are the notable companies in the industry?
Competition within the U.S. cyber liability market has intensified as favorable historical loss ratios have drawn new underwriting capital into the space. The industry is evolving from a highly concentrated layout to a more distributed environment as mid-tier carriers expand their portfolios. Underwriters increasingly differentiate themselves by providing integrated pre-breach risk assessment tools and continuous network monitoring services alongside conventional financial indemnity.
- •The top five cyber insurance carriers accounted for approximately 30% of the U.S. market share in 2024, down from 48% recorded in 2020.
- •Beazley plc, a prominent specialist cyber underwriter, reported a negative 6.8% cyber-specific rate change in the first half of 2025 due to competitive pricing pressures.
- •Chubb Limited, American International Group Inc. (AIG), and Travelers Companies Inc. operate as major direct property and casualty underwriters providing comprehensive commercial cyber coverage lines.
Recent Trends and Outlook
What are the recent trends and outlook?
The industry is experiencing a notable soft market cycle where premium rates have turned negative despite a higher overall volume of claims. To maintain profitability, insurers are expanding coverage options and lowering deductibles while simultaneously standardizing mandatory defense exclusions. Looking ahead, carriers are heavily investing in artificial intelligence tools to optimize real-time underwriting analytics and mitigate systemic risk concentrations.
- •U.S. cyber insurance premiums declined by approximately 7% in 2024 to $9.14 billion, moving down from $9.84 billion in 2023.
- •Average quarterly cyber insurance rates in the U.S. fell by 5% in the final quarter of 2024, ending seven consecutive years of price hikes.
- •The market aggregate loss ratio stood at a profitable yet elevated 49% in 2024 according to actuarial tracking.
Regulation and Compliance
How is the industry regulated?
Regulatory compliance serves as a primary structural driver for cyber policy adoption across the United States. State-level departments of insurance monitor carrier solvency and policy forms to protect corporate consumers from systemic market failures. Furthermore, state and federal mandates regarding public company disclosure and consumer data privacy enforce a legal baseline that directly impacts underwriter loss costs and litigation exposure.
- •The NAIC Cybersecurity Working Group continuously reviews data reporting standards and updates the Property & Casualty Annual Statement Supplement.
- •The NAIC Insurance Data Security Model Law (IDSM) continues to be adopted across various states, setting rigorous data governance guidelines for licensees.
- •State privacy frameworks, exemplified by multi-million dollar actions such as Texas's $1.4 billion settlement with Meta over biometric privacy, highlight the expanding liabilities underwritten by carriers.
Sources
Government, statistical and trade sources used for this Claight analysis.
- National Association of Insurance Commissioners (NAIC) 2025 Cybersecurity Insurance Report ·
- American Academy of Actuaries / Aon 2024 U.S. Cyber Market Update (Published 2025) ·
- Federal Bureau of Investigation (FBI) Internet Crime Report 2024
Claight analysis of public industry data.