Cyber and E&O: Market Remains Soft but Volatility Grows

Cyber and E&O: Market Remains Soft but Volatility Grows
March 17, 2026 11 mins

Cyber and E&O: Market Remains Soft but Volatility Grows

Cyber and E&O: Market Remains Soft but Volatility Grows

The cyber and tech E&O market remains favorable for buyers, but pricing is moderating as ransomware severity, AI-driven threats, privacy litigation and supply chain risks rise. Organizations are using this window to build resilience and optimize coverage.

Key Takeaways
  1. Market conditions remain favorable, but early signs of pricing moderation are emerging as insurers manage profitability pressures.
  2. Ransomware severity, AI-enabled attacks, supply chain vulnerabilities, geopolitical uncertainty and tightening privacy regulations are prompting closer scrutiny from insurers.
  3. Risk managers are increasingly using advanced analytics to align coverage with risk tolerance and build long-term cyber resilience.

Table of Contents

  1. Buyers' Market but New Risks Emerge

  2. Cyber Volatility Grows as Threats Evolve

  3. North America and EMEA Market Updates

  4. Cyber Analytics: Global Cyber Loss Trends

  5. Making Better Decisions through Data and Analytics

The global cyber and technology errors and omissions (E&O) market remains competitive, with ample capacity and favorable pricing. For organizations prepared to act, this continues to be an opportunity to secure coverage and optimize program structures while market conditions are still soft.

The buyers’ market is expected to extend through 2026, but the risk environment is evolving quickly, driven less by frequency and more by growing complexity and severity.

  • Rapidly evolving geopolitical events in the Middle East could result in an increase in malicious cyber attacks on global businesses.
  • Threat actors are increasingly using artificial intelligence (AI) and machine learning to automate, scale and refine attacks.
  • Privacy regulatory exposures continue to become restrictive globally, as privacy laws are added or expanded. Significant data privacy risks exist when AI tools and platforms are used to increase efficiency without proper governance or monitoring.
  • Organizations can expect cyber insurers to be focused on usage and management of supply chain vendors and cyber security platforms.
  • Ransomware activity accelerated in certain industry classes, including insurance companies, airlines and retailers in 2025.
  • Insurers are continuing to grapple with underwriting systemic events that can lead to aggregation issues.

For risk leaders, the priority is shifting from managing volatility to shaping future-ready coverage strategies. Those who use this period to align insurance programs with evolving risk realities will be best positioned as market momentum continues to evolve.

  • $713K

    Average cost per global ransomware claim in 2025 vs. $374.4K in 2024

    Source: Aon data

  • 38%

    Increase in reported U.S. cyber and tech E&O incidents in 2025 vs. 2024

    Source: Aon data

  • 48.9%

    2024 U.S. cyber loss ratio vs. 40.7% in 2023

    Source: NAIC

Cyber Volatility Grows as Threats Evolve

Insurers are tightening their focus on the drivers of loss as cyber risk develops in new ways. Underwriting reviews are becoming more targeted, with greater attention on control maturity, vendor dependencies, AI use, privacy best practices and exposure to large‑scale events.

With pricing still favorable, risk managers have an opportunity to stay ahead of emerging threats. Aon recommends reinvesting capital to strengthen cyber controls and expanding cyber liability and E&O program limits now to prepare for the future. In 2025, roughly 19% of cyber liability buyers in the U.S. purchased additional limits, according to Aon data.

Cyber

Buyer-friendly pricing continues across North America and Europe, the Middle East and Africa (EMEA), with modest price reductions, continued broad coverage, robust market capacity and stable limits. Rising ransomware and business interruption losses and poor loss development of prior years’ privacy liability claims have led to ongoing pricing moderation.

Tech E&O

Globally, tech E&O pricing remains stable. Through year-end 2025, average global Aon client premium changes remained flat with quarterly primary average pricing ranging from -4% to +1%. Pricing for all layers was in the -4% to -5% range in 2025. Coverage enhancements and program structure stability options, including long-term pricing agreements and rate guarantees, will continue to drive insurer differentiation.

Regional Spotlight: Businesses Face Similar, Yet Different Markets

  • North America

    Pricing has moderated, with Aon clients experiencing average reductions of 4% to 7% in 2025. Capacity is also ample. In 2025, more than 90 insurers participated in Aon cyber risk placements, while roughly 80% of the premium placed was aggregated to the top 20 insurers. Buyers are using this environment to optimize their programs by expanding coverage, increasing limits and adjusting retention levels to match their risk appetite.

    As capacity remains plentiful, insurers are continuing to seek growth opportunities through mergers and acquisitions. Aon is monitoring insurer activity closely, as capacity consolidations could impact pricing and program structures in the long term. Minimal disruption for most clients is expected in the short term in 2026.

    “There’s going to be a lot of pressure among insurers to continue to grow and meet aggressive goals within their cyber & E&O business units,” says Matt Chmel, Head of Cyber Solutions at Aon in North America. “I do believe, though, that you’re going to see additional volatility in the market due to insurers who deploy significant amounts of capacity going through acquisitions or divestitures. We anticipate the market will continue to operate in an unstable space for 2026.”

    In Canada, the market remains highly competitive. Aon client rate reductions averaged 20% in Q4 2025 for primary and 22% for all layers, with insurers continuing to offer attractive terms across most segments.

    “Insurers were in growth mode in Canada through 2025,” says Katie Andruchow, Cyber Broking Practice Leader at Aon in Canada. “An abundance of capacity drove double digit rate decreases. Our market is probably closer to Europe in terms of buyer-friendly conditions. Insurer growth priorities are expected to persist into 2026, however, emerging market consolidation is likely to constrict capacity and may slow the rate reduction activity.”

  • Europe, the Middle East and Africa

    Pricing remains soft and loss ratios low, although market conditions are beginning to diverge by country. Underinsurance will be a concern: Aon data shows that 70% of EMEA businesses reported vulnerability scans covering less than 100% of their enterprise — compared to 58% globally.

    “We do not expect the market to change in EMEA,” says Søren Stryger, Chief Broking Officer at Aon in Europe, the Middle East and Africa. “We see more carriers with capacity investing in hubs around Europe. Some losses are severe, but others are not covered by insurance as insurance was not purchased. We believe the cyber market is also large and mature enough to capture any single event.”

    Cyber insurance markets have generally been flexible with terms and conditions, working with the broker and client to build a program that is right for the business.

    “The market continues to be highly competitive, with substantial capacity available and ongoing increases from insurers,” says Catalina Esteban Loring, Executive Director, Cyber and Commercial E&O at Aon in the United Kingdom. “Local company markets in EMEA are leveraging cross-class relationships as a strategic advantage. We are noticing minimum rates being applied to excess layers, which will impact the pricing of excess capacity. When structuring insurance towers, it is important to remain cognizant of these dynamics; if the upper layers are not appropriately priced, it may be challenging to secure the desired limits that are right for the business.”

2026 Cyber Analytics: Global Cyber Loss Trends

Geopolitical Activity in Middle East Could Lead to Rise in Cyber Incidents: Events in the Middle East have the potential to increase malicious global cyber activity, including attacks on financial institutions, transportation, agriculture, water facilities, energy providers and other critical infrastructure. The situation remains fluid, and organizations are urged to remain vigilant and take action to strengthen controls and mitigate the risk of cyber attacks.

Ransomware Frequency Declines, Severity Up: Ransomware incidents dropped significantly in Q4 2025, down 45% globally as compared with Q3 2025 and 31% year-over-year. However, severity continues to climb. The average cost per global ransomware claim rose to $713,200, up from $374,400 in 2024, according to Aon data.

The Double-Edged Impact of Artificial Intelligence: AI is delivering significant efficiency gains for businesses, but at the same time, empowering threat actors to scale and automate attacks at unprecedented speed and sophistication. By 2027, nearly one in five cyber attacks is expected to employ generative AI.1 As AI becomes more deeply integrated into operations, organizations face a new era of cyber risk — one where autonomous, adaptive threats can outpace traditional defenses.

By 2027, nearly one in five cyber attacks is expected to employ generative AI.

Insurers are watching closely — for not just how AI is used by attackers, but how organizations are deploying it to strengthen cyber resilience.

“If you are developing AI technology, you need professional liability or tech E&O coverage to protect your organization,” adds Chmel. “Businesses also need to look at how they are using AI, ensuring business practices, processes, safeguards and compliance measures are strong.”

Supply Chain Cyber Risk: When Someone Else’s Problem Becomes Yours: Cyber risk and supply chain risk are now deeply intertwined — and that convergence is reshaping how business leaders and underwriters assess resilience. Two-thirds of large organizations identify third-party and supply chain vulnerabilities as their most significant cyber exposure.2 The concern is well-founded: Nearly two out of three companies experienced a third-party breach in the past year, and the growing use of AI is accelerating the scale and sophistication of supply chain attacks.3

“We’re working closely with clients, talking with them about the risk transfer market for this exposure and also working with them to evaluate their risk,” says Greg Sparacio, U.S. Middle Markets Leader at Aon. “Our CyQu assessment has a vendor supplemental included in it to help evaluate and understand critical suppliers they rely on. That is something we find is really important.”

Underwriters Have Privacy Litigation Concerns: As privacy regulation tightens globally, litigation risk is rising — especially in the U.S., where class action lawsuits related to tracking technologies and data collection continue to impact the market. Insurers are responding by reassessing policy language and narrowing coverage around wrongful or unlawful data collection.

New regulations from government agencies, including the Security and Exchange Commission’s (SEC) cyber security disclosure rules in the U.S., forthcoming cyber incident reporting rules from the Cybersecurity and Infrastructure Security Agency, and NIS2, a directive that aims to ensure “a high common level of cyber security” in the European Union, are raising the bar for incident reporting and accountability.

“Cyber incident reporting requirements are raising the bar on governance, planning, and communications,” says Stephen Viña, Senior Vice President, Cyber Solutions at Aon in North America. “These developments are putting cyber at the top of the agenda.”

Making Better Decisions through Data and Analytics

Leading organizations and risk leaders are using enhanced analytics to make better and faster decisions — building cyber resilience that’s both sustainable and scalable.

By moving beyond traditional benchmarking, brokers are helping risk managers align their insurance programs with actual risk tolerance.

“Data and analytics are helping risk managers think more about limits and adequacy vs. just limits and budget,” says Ady Sharma, Cyber Growth Leader at Aon in Canada. “Historically they have relied on benchmarking, cause of loss reports, publications and what peers were doing. We can enable them to make accurate decisions to protect their assets and build resilience.”

Aon’s Cyber Risk Analyzer and Cyber Quotient (CyQu) Evaluation tools offer the quantitative insights needed to understand exposure and optimize program structure.

If you are ready to evaluate your cyber risk program, contact us to discuss tailored, actionable approaches for protecting your organization from cyber attacks and data breaches.

Aon’s Thought Leaders

Katie Andruchow
Cyber Broking Practice Leader, Canada

Matt Chmel
Head of Cyber Solutions, North America

Pablo Constenla
Head of Cyber Coverage and Claims, Europe, the Middle East and Africa

Catalina Esteban Loring
Executive Director, Cyber and Commercial E&O, United Kingdom

David Molony
Head of Cyber Solutions, Europe, the Middle East and Africa

Brent Rieth
Head of Global Cyber Solutions

Ady Sharma
Cyber Growth Leader, Canada

Greg Sparacio
Middle Market Leader, Cyber Solutions, United States

Søren Stryger
Chief Cyber Broking Officer, Europe, the Middle East and Africa

Stephen Viña
Senior Vice President, Cyber Solutions, North America

1 Gartner Forecasts Global Information Security Spending to Grow 15% in 2025
2 Global Cybersecurity Outlook 2026, WEF
3 Supply chain cyber risk strategies shift toward resilience, Supply Chain Management Review

General Disclaimer

This document is not intended to address any specific situation or to provide legal, regulatory, financial, or other advice. While care has been taken in the production of this document, Aon does not warrant, represent or guarantee the accuracy, adequacy, completeness or fitness for any purpose of the document or any part of it and can accept no liability for any loss incurred in any way by any person who may rely on it. Any recipient shall be responsible for the use to which it puts this document. This document has been compiled using information available to us up to its date of publication and is subject to any qualifications made in the document.

Terms of Use

The contents herein may not be reproduced, reused, reprinted or redistributed without the expressed written consent of Aon, unless otherwise authorized by Aon. To use information contained herein, please write to our team.

Aon's Better Being Podcast

Our Better Being podcast series, hosted by Aon Chief Wellbeing Officer Rachel Fellowes, explores wellbeing strategies and resilience. This season we cover human sustainability, kindness in the workplace, how to measure wellbeing, managing grief and more.

Aon Insights Series Asia

Expert Views on Today's Risk Capital and Human Capital Issues

Aon Insights Series Pacific

Expert Views on Today's Risk Capital and Human Capital Issues

Aon Insights Series UK

Expert Views on Today's Risk Capital and Human Capital Issues

Client Trends 2025

Better Decisions Across Interconnected Risk and People Issues.

Construction and Infrastructure

The construction industry is under pressure from interconnected risks and notable macroeconomic developments. Learn how your organization can benefit from construction insurance and risk management.

Cyber Resilience

Our Cyber Resilience collection gives you access to Aon’s latest insights on the evolving landscape of cyber threats and risk mitigation measures. Reach out to our experts to discuss how to make the right decisions to strengthen your organization’s cyber resilience.

Employee Wellbeing

Our Employee Wellbeing collection gives you access to the latest insights from Aon's human capital team. You can also reach out to the team at any time for assistance with your employee wellbeing needs.

Environmental, Social and Governance Insights

Explore Aon's latest environmental social and governance (ESG) insights.

Q4 2023 Global Insurance Market Insights

Our Global Insurance Market Insights highlight insurance market trends across pricing, capacity, underwriting, limits, deductibles and coverages.

Global Risk Management Survey

Better Decisions Across Interconnected Risk and People Issues.

Regional Results

How do the top risks on business leaders’ minds differ by region and how can these risks be mitigated? Explore the regional results to learn more.

Top 10 Global Risks

Trade, technology, weather and workforce stability are the central forces in today’s risk landscape.

Industry Insights

These industry-specific articles explore the top risks, their underlying drivers and the actions leaders are taking to build resilience.

Human Capital Analytics

Our Human Capital Analytics collection gives you access to the latest insights from Aon's human capital team. Contact us to learn how Aon’s analytics capabilities helps organizations make better workforce decisions.

Human Capital Quarterly Insights Briefs

Read our collection of human capital articles that explore in depth hot topics for HR and risk professionals, including using data and analytics to measure total rewards programs, how HR and finance can better partner and the impact AI will have on the workforce.

Insights for HR

Explore our hand-picked insights for human resources professionals.

Workforce

Our Workforce Collection provides access to the latest insights from Aon’s Human Capital team on topics ranging from health and benefits, retirement and talent practices. You can reach out to our team at any time to learn how we can help address emerging workforce challenges.

Mergers and Acquisitions

Our Mergers and Acquisitions (M&A) collection gives you access to the latest insights from Aon's thought leaders to help dealmakers make better decisions. Explore our latest insights and reach out to the team at any time for assistance with transaction challenges and opportunities.

Natural Resources and Energy Transition

The challenges in adopting renewable energy are changing with technological advancements, increasing market competition and numerous financial support mechanisms. Learn how your organization can benefit from our renewables solutions. 

Navigating Volatility

How do businesses navigate their way through new forms of volatility and make decisions that protect and grow their organizations?

Parametric Insurance

Our Parametric Insurance Collection provides ways your organization can benefit from this simple, straightforward and fast-paying risk transfer solution. Reach out to learn how we can help you make better decisions to manage your catastrophe exposures and near-term volatility.

Pay Transparency and Equity

Our Pay Transparency and Equity collection gives you access to the latest insights from Aon's human capital team on topics ranging from pay equity to diversity, equity and inclusion. Contact us to learn how we can help your organization address these issues.

Property Risk Management

Forecasters are predicting an extremely active 2024 Atlantic hurricane season. Take measures to build resilience to mitigate risk for hurricane-prone properties.

Technology

Our Technology Collection provides access to the latest insights from Aon's thought leaders on navigating the evolving risks and opportunities of technology. Reach out to the team to learn how we can help you use technology to make better decisions for the future.

Trade

Our Trade Collection gives you access to the latest insights from Aon's thought leaders on navigating the evolving risks and opportunities for international business. Reach out to our team to understand how to make better decisions around macro trends and why they matter to businesses.

Transaction Solutions Global Claims Study

Better Decisions Across Interconnected Risk and People Issues.

Weather

With a changing climate, organizations in all sectors will need to protect their people and physical assets, reduce their carbon footprint, and invest in new solutions to thrive. Our Weather Collection provides you with critical insights to be prepared.

Workforce Resilience

Our Workforce Resilience collection gives you access to the latest insights from Aon's Human Capital team. You can reach out to the team at any time for questions about how we can assess gaps and help build a more resilience workforce.

More Like This

View All
  • Risk Management Across the Data Center Lifecycle

    Article 14 mins

    Building Bankable, Resilient Data Centers: From Site to Operation

    Data center spending will reach $6.7 trillion by 2030, according to McKinsey.<sup>1</sup> With significant capital on the line, facilities demand a new lifecycle approach to risk that strengthens bankability, protects schedules and delivers operational resilience from day one.

  • What Multinational Employers Need to Know about GLP-1s

    Article 5 mins

    What Multinational Employers Need to Know About GLP-1s

    GLP-1 medicines for weight loss are increasingly popular in the U.S., prompting employers to consider coverage for employees. While not as common yet globally, GLP-1s spark a broader discussion around using data and analytics to identify health risks and address obesity as a disease.

View All
Subscribe CTA Banner