According to executives at Coalition, cyber risk in 2026 will be defined less by isolated breaches and more by hidden interdependencies that drive correlated, systemic loss, forcing re/insurers to demand deeper technical clarity, stronger underwriting discipline, and broader coverage responses.
Rising systemic and supply chain risks, increasingly complex cloud dependencies, and evolving privacy regulations are challenging traditional underwriting approaches, while a soft market environment underscores the need for disciplined risk evaluation and innovative policy features, signalling that both clarity and differentiation will be key for re/insurers navigating the year ahead.
Diana Liu, Head of Underwriting at Coalition Re, commented, “Mounting pressure on systemic risk accumulation will prompt a market outcry for greater risk clarity. Systemic cyber risk will come under greater scrutiny as growing accumulation applies a greater destabilising force across the global financial system.
“As market exposure continues to expand, current aggregation methods — often limited to industry, revenue, or geographic groupings — will increasingly fail to keep pace with the scale and complexity of digital interdependence.
“Sector-specific mini-cats will further expose these shortcomings, pushing reinsurers toward more transparent, data-rich views of their digital portfolios.
“To prevent systemic failure, the cyber reinsurance market will be forced to capture correlations rooted in shared software, common vulnerabilities, and concentrated cloud reliance. Effective risk transfer and smarter capital deployment will require a shift toward technically grounded aggregation models that reflect real-world digital dependencies.
“As 2026 approaches, demand for deeper risk clarity will accelerate as carriers and cedants recognise that broad portfolio characteristics are no longer enough to contain systemic accumulation.”
Tiago Henriques, Chief Underwriting Officer at Coalition, said, “Cyber underwriting will focus on business interruption of cloud infrastructure.
“After a year of significant outages, cyber insurers will increasingly focus on reducing aggregation risk when thousands of websites and servers are impacted simultaneously.
“Events like the CrowdStrike and AWS outages (caused by technical failures rather than attacks) highlight that businesses remain exposed if they lack multi-region or multi-cloud strategies, which many may not adopt due to limited resources.
“These outages expose a broader gap in how the market evaluates, models, and insures cyber dependencies; technical debt and infrastructure vulnerabilities are often overlooked by both businesses and insurers during underwriting.
“To remain profitable, insurers will need a deeper understanding of technology interconnections, critical dependencies, and how they translate into correlated loss potential. This knowledge will allow underwriting to directly address business interruption risks tied to cloud software and other systemic technical failures.”
Anne Juntunen, Senior Claims Manager at Coalition, noted, “Wrongful collection claims will increase as opportunistic claimants capitalise on statutory damages.
“The frequency of wrongful collection claims is already rising, fueled by awareness of state privacy laws and wiretap statutes that allow individuals to seek statutory damages for improper data collection.
“While demand letters and lawsuits historically came from well-resourced law firms targeting high-traffic or complex websites, a new wave of opportunistic claimants is emerging, recognising that automated or template-based letters can be profitable.
“In 2026, as privacy compliance becomes more fragmented and tracking technologies become more sophisticated, businesses lacking clear disclosures, proper consent mechanisms, or oversight of third-party marketing and analytics tools will be most exposed.
“Without proactive measures — auditing web technologies, tightening vendor contracts, and strengthening consent flows — organisations are likely to see a significant increase in privacy-related third-party claims.”
Shawn Ram, Chief Revenue Officer at Coalition, observed, “The continued soft market will test underwriting discipline and favour product differentiation.
“The soft cyber market will likely persist into 2026, with rate decreases and aggressive pricing strategies intensifying competition. Even as carriers chase growth, underwriters will need to stay alert to persistent aggregation exposure and systemic tail risk that discounted premiums may obscure.
“As core policy terms converge, price and coverage alone will no longer define the competitive edge. Instead, differentiation will shift toward value-added capabilities: stronger security enhancements, richer intelligence, and more sophisticated breach response services that directly help policyholders reduce risk.
“In 2026, the soft market will reveal which carriers have the underwriting rigour needed to grow sustainably without sacrificing profitability. Carriers leaning too heavily on temporary claim trends will face heightened volatility if cyber events rise or severity shifts. The market’s long-term stability will depend on disciplined evaluation and well-calibrated models rather than short-term rate cuts.”
Kyle Bryant, Head of International at Coalition, concluded, “Supply chain aggregation risk will drive insurers to expand cyber protection.
“The cyber insurance industry’s fixation on single-vendor outages has obscured a bigger systemic threat: customer aggregation risk. Events like the attack on Jaguar Land Rover (JLR) have shown how deeply exposed downstream suppliers are; small manufacturers suffer outsized economic damage when their primary buyer is disrupted severely enough to trigger government intervention.
“Current policies rarely address the financial loss a supplier experiences when a critical customer suffers a cyber event, and orders suddenly halt. Relying on suppliers to buy their own limited coverage is proving both insufficient and unsustainable.
“In 2026, rising concern over customer-aggregation exposure will push insurers to broaden policy boundaries and introduce more explicit protection for dependent-customer disruptions, reshaping how cyber policies address interconnected supply chains and resetting expectations for contingent cyber risk transfer.”
About the Author
