Global professional services firm Aon, which specializes in risk, insurance, reinsurance, human capital and advisory services, said conditions in the cyber and technology errors and omissions (E&O) insurance market remain favorable for buyers, although insurers have become increasingly cautious as cyber threats continue to evolve.
Aon said strong market capacity and competitive conditions continued to support buyers seeking cyber and technology E&O insurance. The firm believes that while signs of stabilizing pricing are beginning to emerge as insurers respond to the changing risk landscape, there are still opportunities for organizations to secure favorable terms and review program structures.
Aon expects the current buyer-friendly environment to continue into 2026, but noted that cyber risks are increasingly affected by the scale and complexity of incidents. The company pointed to several key factors affecting the market, including ransomware losses, artificial intelligence attacks, stricter privacy requirements, supply chain risks and geopolitical uncertainty.
The company highlighted that escalating tensions in the Middle East could lead to an increase in malicious cyber activity targeting organizations around the world. At the same time, cybercriminals are increasingly leveraging artificial intelligence and machine learning technologies to increase the efficiency, sophistication and scope of their attacks.
Aon also noted that privacy regulations continue to expand into many jurisdictions, creating additional compliance obligations for businesses. The company warned that organizations deploying AI tools without an appropriate governance framework could face greater privacy and data protection risks.
As a result, insurers are paying more attention to how companies manage risks associated with cybersecurity controls, third-party vendors, technology platforms and emerging artificial intelligence. Aon further reported that ransomware activity increased in 2025 across multiple industries, including insurance, aviation and retail, while concerns remain about systemic cyber incidents that could cause widespread damage.
The company believes risk professionals are increasingly focused on building long-term resilience and ensuring insurance plans are aligned with future threats, rather than just responding to current market conditions.
Data released by Aon shows that the average global ransomware claim amount will reach US$713,200 in 2025, compared with US$374,400 in 2024. The company also recorded a 38% increase in reported cyber and technology E&O incidents in the United States in 2025. In addition, industry data from the American Association of Insurance Commissioners shows that the U.S. cyber insurance loss rate will rise to 48.9% from 2024. Growth was 40.7% in the same period last year.
Aon said insurers are increasingly focusing on underwriting discipline, conducting more detailed reviews of an organization’s cyber maturity, vendor relationships, AI deployment, privacy practices and large-scale incident risks. While pricing remains competitive, the company recommends organizations consider strengthening network defenses and reviewing coverage limits while market conditions remain favorable.
According to Aon, approximately 19% of U.S. cyber liability buyers will increase coverage limits in 2025. Aon reports that cyber insurance pricing continues to favor buyers in North America and Europe, the Middle East and Africa (EMEA) regions, driven by broad coverage, stable limits and strong insurer underwriting capabilities.
However, the pace of premium cuts has slowed as insurers grapple with rising ransomware losses, business interruption claims and ongoing privacy-related claims.
Aon said that in the technology E&O market, pricing will remain largely unchanged in 2025. Premium changes for the company’s customers were essentially flat for the year, with quarterly changes ranging from a 4% decrease to a 1% increase. Pricing is typically reduced by 4% to 5% across all tiers. The company expects insurers to continue to compete through expanded coverage, long-term agreements and pricing guarantees.
Looking ahead to 2026, Aon has identified several developments that could impact the cyber insurance market. The company noted that geopolitical instability in the Middle East could lead to increased cyber activity, impacting industries such as financial services, transportation, agriculture, utilities, energy and other critical infrastructure industries. Aon recommends organizations remain vigilant and continue to invest in cyber resilience measures.
Although ransomware incidents dropped significantly in the final quarter of 2025, Aon noted that the financial impact of attacks continues to rise. Global ransomware frequency dropped by 45% month-on-month and 31% year-on-year, but the average claim cost increased significantly, indicating that individual attacks are becoming increasingly serious.
Artificial intelligence is expected to remain a major factor influencing cyber risk. Aon noted that while AI is helping organizations become more productive and efficient, it is also providing cybercriminals with increasingly sophisticated tools. The company highlights predictions that by 2027, nearly one in five cyberattacks may involve generative artificial intelligence.
Commenting on the issue, Matt Chmel, director of cyber solutions for North America, said: “If you are developing AI technology, you need professional liability or technical E&O insurance to protect your organization. Businesses also need to understand how they are using AI and ensure that business practices, processes, safeguards and compliance measures are strong.”
Supply chain cyber risk remains another area of ​​concern. Research cited by Aon shows that two-thirds of large organizations consider third-party and vendor vulnerabilities as the most important cyber risk. The company noted that nearly two-thirds of enterprises experienced a third-party breach in the past year, and that increased adoption of artificial intelligence is enabling more advanced supply chain attack methods.
Discussing the issue, Greg Sparacio, Aon’s head of U.S. middle markets, said: “We are working closely with our clients to discuss the risk transfer market with them and work with them to assess their exposure. We include vendor supplements in our CyQu assessments to help assess and understand the key vendors they rely on. We find this to be very important.”
Aon also reported that privacy-related litigation continues to be an area of ​​concern for insurers, particularly in the United States, where legal actions related to data collection practices and online tracking technologies continue to increase. Insurers are responding by reviewing policy wording and reassessing coverage related to privacy exposures, according to the company.
The company further highlighted a series of regulatory developments, including cybersecurity disclosure requirements from the U.S. Securities and Exchange Commission, upcoming incident reporting obligations from the Cybersecurity and Infrastructure Security Agency, and the EU’s NIS2 directive, all of which have raised expectations around governance and reporting.
“Cyber ​​incident reporting requirements raise the bar for governance, planning and communications,” said Stephen Viña, senior vice president of cyber solutions at Aon North America. “These developments put cyber issues at the top of the agenda.”
Aon concluded that organizations are making greater use of data and analytics to support cyber risk management decisions. The company said advanced analytics tools are helping businesses more accurately assess risk, assess the adequacy of coverage and develop stronger long-term resiliency strategies.
As Ady Sharma, head of growth at Aon Networks Canada, explains: “Data and analytics are helping risk managers think more about limits and adequacy rather than just limits and budget. Historically, they relied on benchmarking, loss cause reports, publications, and what their peers were doing. We can help them make accurate decisions to protect their assets and build resilience.”
