Did you miss our recent State of the Market panel discussion? We have you covered. This article summarizes the key points that our panelists covered in a conversation that quickly moved beyond headline-grabbing cyber incidents and took a behind-the-scenes look at key levers in the industry. While large-scale breaches and outages continue to dominate media coverage, panelists argued that these events only tell part of the story. With high capacity, soft pricing, and rising exposure converging in 2026, they focused on what cyber insurance claims, incident response, and systemic events are really telling us about the maturity (or fragility) of the cyber insurance market.
Incident response maturity is increasingly shaping loss outcomes
From a claims and incident response standpoint, preparedness is no longer an abstract concept. Panelists noted that organizations with rehearsed response plans, clearly defined leadership, and established decision-making processes tend to manage incidents more effectively – and with lower overall loss severity.
By contrast, organizations encountering a significant cyber incident for the first time often lose critical time establishing basic command structures. That delay, the panel observed, frequently translates into higher costs and more complex claims.
“What immediately becomes apparent at scoping calls is how prepared the insured was, whether they are following an incident response plan and whether there are clear leaders in charge. Incident response isn’t a fire drill – it’s a fire emergency – and that tends to translate into increased claim costs.” (Kevin Neslage, Cypfer)
Human behavior remains central to cyber losses
Despite continued investment in controls, frameworks, and awareness training, human behavior continues to feature prominently in cyber claims. Claims still frequently trace back to compromised credentials, social engineering, misconfigurations, and delayed decision-making during incidents.
Even well-designed security programs, they noted, struggle to fully account for human error – particularly in fast-moving, high-pressure incident scenarios.
“Human behavior is still the biggest driver of loss. Most claims almost always trace back to people.” (James Brogan, Ambridge)
Systemic cyber risk has moved from theory to reality
One of the clearest messages from the panel was that systemic cyber risk has moved from theory to reality. Cloud outages, software vulnerabilities, and managed service provider failures now have the potential to impact hundreds of insureds simultaneously.
This shift challenges traditional underwriting assumptions and raises difficult questions around aggregation, correlation, and portfolio exposure.
“It’s no longer theoretical that systemic risk is cyber. A single point of failure can create losses across 100 plus insureds at the same time.” (James Brogan, Ambridge)
Supply chain incidents expose hidden dependencies
Recent supply chain-related cyber incidents were cited as clear examples of how cyber risk propagates across interconnected systems. In many cases, disruption occurs not because the insured organization’s own controls failed, but because a critical supplier experienced an incident. These dependencies, often shared across multiple vendors and platforms, can limit the effectiveness of redundancy strategies and complicate recovery efforts.
Taken together, these incidents reinforced a central theme of the discussion: cyber supply-chain risk is no longer confined to individual organizations or regions. Instead, it creates correlated losses that are difficult to underwrite, difficult to diversify, and increasingly difficult to ignore.
Jaguar Land Rover Cyber Incident
The most detailed example discussed was Jaguar Land Rover, which the panel cited as a supplier-driven cyber disruption rather than a failure of JLR’s own cyber controls. The incident illustrated how reliance on a critical digital supplier can cascade into widespread operational paralysis, particularly when core data integrity cannot be trusted.
What made the incident especially instructive from an underwriting perspective was the failure of redundancy. Backup suppliers existed, but many relied on the same enterprise systems and logistics platforms, limiting their usefulness once the disruption occurred.
From a regional perspective, the panel noted that the Jaguar Land Rover disruption had downstream effects beyond Europe. Jaguar Land Rover’s manufacturing presence in Brazil meant that supplier failure in one region translated into production and supply issues in another, reinforcing the global nature of modern supply-chain cyber risk.
Large-Scale Cloud Outages
The panel also referenced large-scale cloud outages – including incidents involving Cloudflare and Amazon Web Services – as examples of systemic, shared-dependency risk. While not discussed as individual claims events, these outages were used to illustrate how a single infrastructure provider can simultaneously affect hundreds of downstream organizations across multiple portfolios.
Emerging markets highlight disclosure and education gaps
From a Latin American perspective, panelists noted that while legislation such as Brazil’s LGPD exists, enforcement is inconsistent, and financial impacts are not always publicly disclosed. This can obscure the true economic consequences of supply-chain cyber incidents and dampen urgency around third-party risk governance. In practical terms, many organizations still rely heavily on contractual checklists rather than ongoing monitoring of suppliers’ controls – creating a gap between perceived and actual resilience.
This, panelists noted, can reinforce the perception that cyber risk is primarily technical rather than operational or financial.
“Companies don’t always have to disclose the financial impacts, so the perception is that the risk isn’t really there. Moreover, many companies don’t have an elaborate program to monitor suppliers – it depends in large part on a checklist. The problem is, that’s like asking someone ‘Do you consider yourself a nice person?’… they’ll never say they’re not!” (Marta Helena Schuh, Howden Brasil)
The implication for insurers is significant. In markets where loss disclosure is limited and supplier oversight remains informal, cyber risk can appear less acute than it truly is – until a major disruption exposes hidden dependencies. As the panel suggested, insurers in these regions may need to take a more active role not only in risk transfer, but in validating third-party controls and raising governance standards across the ecosystem.
Why these signals matter in 2026
The panel concluded that cyber risk in 2026 is less about the frequency of incidents and more about organizational readiness. Claims data is consistently highlighting which behaviors, structures, and decisions influence outcomes – yet these insights are not always reflected in underwriting, pricing, or risk selection.
Whether the market acts on these signals, panelists suggested, will shape its trajectory in the years ahead.
“The more mature organizations are the ones that are well equipped to respond and recover – and that speeds up incident response.” (Kevin Brogan, Ambridge)