Book Intro Call
Marta Helena Shuh from Howden Brasil, James Brogan from Ambridge and Kevin Neslage from Cypfer, reveal why cyber insurance pricing, SME distribution, and underwriting discipline are under strain in 2026.
  • Guides

SMEs Are Putting The Cyber Insurance Market Model Under Strain

SMEs, Pricing Discipline, and the Search for Sustainability
4 min read
All Posts

SMEs Are Putting The Cyber Insurance Market Model Under Strain

  • Guides
4 min read
Marta Helena Shuh from Howden Brasil, James Brogan from Ambridge and Kevin Neslage from Cypfer, reveal why cyber insurance pricing, SME distribution, and underwriting discipline are under strain in 2026.

Earlier this year, the Cyber Insurance Academy hosted a State of the Market panel discussion, bringing together voices from underwriting, broking, and claims to examine where the cyber insurance market stands in 2026. The conversation moved quickly beyond headline incidents and into a deeper structural question: is the market economically sustainable in its current form?

Panelists examined four interlinked pressures shaping today’s environment: the fragile economics of the SME cyber insurance market, the practicality of minimum security requirements, the erosion of pricing and underwriting discipline, and a broader concern that short-term growth may be outpacing long-term sustainability.

We’ve distilled their key insights and what they mean for cyber insurance in 2026.

Join CCIS graduates for a State of the Cyber Insurance Market discussion on soft market risks, SME growth, emerging markets including LATAM, product evolution, and long-term sustainability.
Want to catch up with a recording of this event? Click Here (premium members only)

 

The SME paradox: growth engine or structural weakness?

SMEs are frequently described as the next frontier for cyber insurance growth. Penetration remains low, awareness is increasing, and digitization continues to expand the attack surface for small and mid-sized businesses.

But during the panel, a more uncomfortable reality emerged: the economics of the SME segment are fragile.

A common assumption is that smaller businesses represent smaller claims; the claims experience suggests otherwise.

Forensic investigations, legal advice, notification obligations, and incident response services carry baseline costs that do not shrink proportionally with company revenue. A ransomware event affecting a £2m business may still require the same specialist vendors as one affecting a £200m organization. From a portfolio perspective, that creates volatility: a single moderate claim can consume the premium generated by dozens – sometimes hundreds – of smaller policies.

“One moderately severe claim can erase all of that premium very quickly.” (Kevin Neslage, Cypfer)

Minimum security requirements: necessary guardrails or market barrier?

Another fault line discussed was underwriting discipline at the point of entry – specifically, minimum security requirements.

From a claims and risk perspective, the argument for baseline standards is straightforward. Insurance cannot function sustainably without risk differentiation.

However, from a broking and emerging market perspective, the application of these standards is not always simple. In regions where cyber maturity and internal expertise vary widely, excessively rigid underwriting criteria may prevent SMEs from entering the market at all.

“If we ask too many questions, clients walk away. If we ask too few, we don’t understand the risk.” (Marta Helena Schuh, Howden Brasil)

This also raises the far deeper issue of segmentation: not all SMEs are alike. Some operate within complex supply chains and critical infrastructure environments. Others rely heavily on managed service providers with limited internal oversight. AI reliance in SMEs also poses a significant cyber risk concern. A uniform underwriting approach applied across these varied profiles risks either underpricing complexity or excluding viable but immature risks. The panel suggested that insurers may need to evolve beyond checklist underwriting and toward clearer risk tiers, transitional pathways, and stronger collaboration with technology providers.

Pricing discipline under pressure

If SME economics represent a structural concern, pricing discipline represents a behavioral one.

Abundant capacity, new entrants, and competitive pressure have driven a sustained soft market. According to the panel, the risk is not simply lower pricing, it is pricing that becomes disconnected from exposure accumulation and systemic correlation.

“The goal has become market share and that doesn’t align with an increasingly volatile exposure like cyber.” (James Brogan, Ambridge)

The soft market has undoubtedly broadened access and encouraged more buyers to enter. But the panel questioned whether the pendulum has swung too far. Speaking from her perspective in the Latin American market, Marta shared: ““We are seeing a price war and that’s not beneficial for anyone.” She noted that total premium volume in Brazil remained flat year-on-year despite a larger number of buyers entering the market – a signal that pricing compression may be outpacing sustainable growth.

The concern is not immediate collapse. Rather, it is that undisciplined competition today may create sharper corrections tomorrow.

Rethinking the SME model: smaller limits, smarter partnerships

Importantly, the panel did not advocate abandoning the SME segment. Instead, it explored structural adjustments that could improve sustainability.

One proposal was to recalibrate limit expectations. Rather than routinely offering multi-million-dollar limits to small enterprises, insurers could normalize more proportionate coverage bands. Another insight centered on packaging. Many SMEs do not simply want financial protection, they want guidance. Closer collaboration with managed service providers and security vendors could enable more integrated offerings: security validation, monitoring, and insurance structured together rather than separately. Such models could reduce both frequency and severity, improving portfolio stability over time.

“Normalizing smaller limits — $100,000 to $500,000 — would make the economics far more sustainable.” (James Brogan)

Capacity is not the problem – discipline may be

One of the more provocative conclusions from the panel was that the market may not, in fact, suffer from excess capacity , but rather, from concentrated deployment. In other words, the issue is not whether cyber insurance has room to grow, it is whether capacity is being deployed in a disciplined, risk-aware manner. If underwriting, pricing, and claims insights remain misaligned, the market risks repeating familiar cycles: rapid expansion followed by abrupt correction.

Conclusion: growth is possible – but only if discipline returns

The Cyber Insurance Academy’s State of the Market discussion made one thing clear: cyber insurance in 2026 is not short of opportunity. But opportunity without discipline can undermine sustainability. The SME model, pricing competition, and underwriting thresholds must evolve if the market is to avoid another hard reset. The question is ultimately one of maturity – is the market genuinely evolving, or are we sleepwalking into another hard market?

The answer will depend not on capacity alone, but on how it is used.

Unlock more world-class knowledge and expertise.

Upgrade your membership to enjoy unlimited access to premium content.

Upgrade Membership

Already have an account?

Sign in
Download Now

About Cyber Insurance Academy

The Cyber Insurance Academy was cultivated by the leading minds in cybersecurity and insurance, with a mission to help cyber insurance professionals stay ahead of the curve. We aim to address the industry’s educational gap and technical challenges, while fostering a vibrant community of like-minded professionals.

 

Our first-of-its-kind online campus blends a Gold-Standard CII-CPD accredited course, expert-led certification courses, industry-leading events, a top-tier content library, and a supportive, diverse and professional network that equips you with the confidence and expertise to lead in cyber insurance and make an impact.

You may also like

All posts

Want cyber insurance updates sent straight to your inbox?

Report

Harassment or bullying behavior
Contains mature or sensitive content
Contains misleading or false information
Contains abusive or derogatory content
Contains spam, fake content or potential malware

Block Member?

Please confirm you want to block this member.

You will no longer be able to:

  • See blocked member's posts
  • Mention this member in posts
  • Invite this member to groups
  • Message this member
  • Add this member as a connection

Please note: This action will also remove this member from your connections and send a report to the site admin. Please allow a few minutes for this process to complete.

Report

You have already reported this .

Join Our Newsletter

Get the latest cyber insurance insights in your inbox

Skip to content
Cyber Insurance Academy
Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.